##// END OF EJS Templates
Merge remote-tracking branch 'origin/test' into test
a <a> -
r623:7473bd66aa57 Fusion
parent child
Show More
@@ -0,0 +1,5
1 # Restart dphys-swapfile service if it exists
2 logger -t "rc.firstboot" "Restarting dphys-swapfile"
3
4 systemctl enable dphys-swapfile
5 systemctl restart dphys-swapfile
@@ -0,0 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=3
3 RELEASE=buster
4 BUILD_KERNEL=true
@@ -0,0 +1,4
1 # Configuration template file used by rpi23-gen-image.sh
2 RPI_MODEL=3
3 RELEASE=buster
4 BUILD_KERNEL=true
@@ -0,0 +1,15
1 # Configuration template file used by rpi23-gen-image.sh
2 # Debian Stretch using the Arm64 for kernel compilation and Debian distribution.
3
4 RPI_MODEL=3
5 RELEASE=stretch
6 BUILD_KERNEL=true
7 KERNEL_ARCH=arm64
8 RELEASE_ARCH=arm64
9 CROSS_COMPILE=aarch64-linux-gnu-
10 QEMU_BINARY=/usr/bin/qemu-aarch64-static
11 KERNEL_DEFCONFIG=bcmrpi3_defconfig
12 KERNEL_BIN_IMAGE=Image
13 KERNEL_IMAGE=kernel8.img
14 KERNEL_BRANCH=rpi-4.14.y
15 ENABLE_WIRELESS=true
@@ -0,0 +1,15
1 # Configuration template file used by rpi23-gen-image.sh
2 # Debian Stretch using the Arm64 for kernel compilation and Debian distribution.
3
4 RPI_MODEL=3
5 RELEASE=stretch
6 BUILD_KERNEL=true
7 KERNEL_ARCH=arm64
8 RELEASE_ARCH=arm64
9 CROSS_COMPILE=aarch64-linux-gnu-
10 QEMU_BINARY=/usr/bin/qemu-aarch64-static
11 KERNEL_DEFCONFIG=bcmrpi3_defconfig
12 KERNEL_BIN_IMAGE=Image
13 KERNEL_IMAGE=kernel8.img
14 KERNEL_BRANCH=rpi-4.14.y
15 ENABLE_WIRELESS=true
@@ -1,450 +1,450
1 ## 介绍
1 ## 介绍
2 `rpi23-gen-image.sh` 是一个自动生成树莓派2/3系统镜像的脚本工具, 当前支持自动生成32位 armhf 架构的Debian, 发行版本`jessie`, `stretch``buster`. 树莓派3 64位镜像需要使用特定的配置参数 (```templates/rpi3-stretch-arm64-4.11.y```).
2 `rpi23-gen-image.sh` 是一个自动生成树莓派2/3系统镜像的脚本工具, 当前支持自动生成32位 armhf 架构的Debian, 发行版本`jessie`, `stretch``buster`. 树莓派3 64位镜像需要使用特定的配置参数 (```templates/rpi3-stretch-arm64-4.14.y```).
3
3
4 ## 构建环境所依赖的包
4 ## 构建环境所依赖的包
5 一定要安装好下列deb包, 他们是构建过程需要的核心包. 脚本会自动检查, 如果缺少,经用户确认后会自动安装.
5 一定要安装好下列deb包, 他们是构建过程需要的核心包. 脚本会自动检查, 如果缺少,经用户确认后会自动安装.
6
6
7 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
7 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
8
8
9 推荐通过配置 `rpi23-gen-image.sh` 脚本编译安装最新的树莓派 Linux 内核, 对于树莓派3, 只能如此. 在构建系统上使用 ARM (armhf) 交叉编译工具链编译内核.
9 推荐通过配置 `rpi23-gen-image.sh` 脚本编译安装最新的树莓派 Linux 内核, 对于树莓派3, 只能如此. 在构建系统上使用 ARM (armhf) 交叉编译工具链编译内核.
10
10
11 脚本已经在Debian Liux `jessie` 和`stretch` 构建系统下使用默认的 `crossbuild-essential-armhf` 工具链进行过测试. 获取更多信息请查看 [Debian 交叉工具链 Wiki](https://wiki.debian.org/CrossToolchains) .
11 脚本已经在Debian Liux `jessie` 和`stretch` 构建系统下使用默认的 `crossbuild-essential-armhf` 工具链进行过测试. 获取更多信息请查看 [Debian 交叉工具链 Wiki](https://wiki.debian.org/CrossToolchains) .
12
12
13 如果使用Debian Linux `jessie` 构建系统, 先要添加交叉编译工具链的源 [Debian 交叉工具链仓库](http://emdebian.org/tools/debian/):
13 如果使用Debian Linux `jessie` 构建系统, 先要添加交叉编译工具链的源 [Debian 交叉工具链仓库](http://emdebian.org/tools/debian/):
14
14
15 ```
15 ```
16 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
16 echo "deb http://emdebian.org/tools/debian/ jessie main" > /etc/apt/sources.list.d/crosstools.list
17 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
17 sudo -u nobody wget -O - http://emdebian.org/tools/debian/emdebian-toolchain-archive.key | apt-key add -
18 dpkg --add-architecture armhf
18 dpkg --add-architecture armhf
19 apt-get update
19 apt-get update
20 ```
20 ```
21
21
22 ## 命令行参数
22 ## 命令行参数
23 脚本可以使用特定的命令行参数来允许或禁止操作系统的某些特性、服务和配置信息. 这些参数通过(简单)脚本变量传递给 `rpi23-gen-image.sh`. 不同于环境变量, (简单)脚本变量在调用`rpi23-gen-image.sh`的命令行前面定义.
23 脚本可以使用特定的命令行参数来允许或禁止操作系统的某些特性、服务和配置信息. 这些参数通过(简单)脚本变量传递给 `rpi23-gen-image.sh`. 不同于环境变量, (简单)脚本变量在调用`rpi23-gen-image.sh`的命令行前面定义.
24
24
25 ##### 命令行示例:
25 ##### 命令行示例:
26 ```shell
26 ```shell
27 ENABLE_UBOOT=true ./rpi23-gen-image.sh
27 ENABLE_UBOOT=true ./rpi23-gen-image.sh
28 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
28 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
29 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
29 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
30 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
30 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
31 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
31 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
32 ENABLE_MINBASE=true ./rpi23-gen-image.sh
32 ENABLE_MINBASE=true ./rpi23-gen-image.sh
33 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
33 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
34 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
34 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
35 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
35 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
36 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
36 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
37 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
37 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
38 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
38 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
39 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
39 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
40 ```
40 ```
41
41
42 ## 参数模板文件
42 ## 参数模板文件
43 为了避免冗长的命令行参数以及存储感兴趣的参数配置, `rpi23-gen-image.sh` 支持所谓的参数模板文件 (`CONFIG_TEMPLATE`=template). 这些文本文件位于 `./templates` 目录, 文件中含有将会使用的配置参数. 新的配置模板文件会被添加到 `./templates` 目录.
43 为了避免冗长的命令行参数以及存储感兴趣的参数配置, `rpi23-gen-image.sh` 支持所谓的参数模板文件 (`CONFIG_TEMPLATE`=template). 这些文本文件位于 `./templates` 目录, 文件中含有将会使用的配置参数. 新的配置模板文件会被添加到 `./templates` 目录.
44
44
45 ##### 命令行示例:
45 ##### 命令行示例:
46 ```shell
46 ```shell
47 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
47 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
48 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
48 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
49 ```
49 ```
50
50
51 ## 支持的参数和设置
51 ## 支持的参数和设置
52 #### APT 设置:
52 #### APT 设置:
53 ##### `APT_SERVER`="ftp.debian.org"
53 ##### `APT_SERVER`="ftp.debian.org"
54 设置 Debian 仓库地址. 选择一个 [镜像站点](https://www.debian.org/mirror/list). 选一个近的镜像站点会加快镜像生成过程中所需文件的下载速度.
54 设置 Debian 仓库地址. 选择一个 [镜像站点](https://www.debian.org/mirror/list). 选一个近的镜像站点会加快镜像生成过程中所需文件的下载速度.
55
55
56 ##### `APT_PROXY`=""
56 ##### `APT_PROXY`=""
57 设置代理服务器地址. 使用本地缓存代理, 比如 `apt-cacher-ng` 可以缩短镜像生成时间, 因为所需要的 Debian 包文件只需下载一次.
57 设置代理服务器地址. 使用本地缓存代理, 比如 `apt-cacher-ng` 可以缩短镜像生成时间, 因为所需要的 Debian 包文件只需下载一次.
58
58
59 ##### `APT_INCLUDES`=""
59 ##### `APT_INCLUDES`=""
60 生成镜像过程中最先由debootstrap程序自动安装的附加包, 逗号分隔.
60 生成镜像过程中最先由debootstrap程序自动安装的附加包, 逗号分隔.
61
61
62 ##### `APT_INCLUDES_LATE`=""
62 ##### `APT_INCLUDES_LATE`=""
63 生成镜像过程中最初的debootstrap完成后, 需要的使用apt命令安装的附加包, 逗号分隔. 特别用在含有 pre-depend 依赖关系的包的, 其依赖关系在打包过程中debootstrap程序中无法正确处理.
63 生成镜像过程中最初的debootstrap完成后, 需要的使用apt命令安装的附加包, 逗号分隔. 特别用在含有 pre-depend 依赖关系的包的, 其依赖关系在打包过程中debootstrap程序中无法正确处理.
64
64
65 ---
65 ---
66
66
67 #### 通用系统设置:
67 #### 通用系统设置:
68 ##### `RPI_MODEL`=2
68 ##### `RPI_MODEL`=2
69 指定树莓派型号. 当前支持树莓派 `2``3`. 设为 `3``BUILD_KERNEL` 自动设为true .
69 指定树莓派型号. 当前支持树莓派 `2``3`. 设为 `3``BUILD_KERNEL` 自动设为true .
70
70
71 ##### `RELEASE`="jessie"
71 ##### `RELEASE`="jessie"
72 设置 Debian 发行版. 脚本当前支持 Debian 发行版 "jessie", "stretch" 和 "buster" 的自动生成. 设为`stretch` 或 `buster``BUILD_KERNEL` 自动设为true.
72 设置 Debian 发行版. 脚本当前支持 Debian 发行版 "jessie", "stretch" 和 "buster" 的自动生成. 设为`stretch` 或 `buster``BUILD_KERNEL` 自动设为true.
73
73
74 ##### `RELEASE_ARCH`="armhf"
74 ##### `RELEASE_ARCH`="armhf"
75 设置期望的 Debian 发行架构.
75 设置期望的 Debian 发行架构.
76
76
77 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
77 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
78 设置主机名称. 建议所在的子网中主机名称是唯一的.
78 设置主机名称. 建议所在的子网中主机名称是唯一的.
79
79
80 ##### `PASSWORD`="raspberry"
80 ##### `PASSWORD`="raspberry"
81 设置系统的 `root` 用户密码. **强烈**建议选择一个自定义密码 .
81 设置系统的 `root` 用户密码. **强烈**建议选择一个自定义密码 .
82
82
83 ##### `USER_PASSWORD`="raspberry"
83 ##### `USER_PASSWORD`="raspberry"
84 设置由 `USER_NAME`=pi 参数创建的普通用户的密码. 如果 `ENABLE_USER`=false 则忽略. **强烈**建议选择一个自定义密码.
84 设置由 `USER_NAME`=pi 参数创建的普通用户的密码. 如果 `ENABLE_USER`=false 则忽略. **强烈**建议选择一个自定义密码.
85
85
86 ##### `DEFLOCAL`="en_US.UTF-8"
86 ##### `DEFLOCAL`="en_US.UTF-8"
87 设置系统默认 locale. 将来可以在运行的系统中执行 `dpkg-reconfigure locales` 命令更改此项设置. 设置这项脚本会自动安装 `locales`, `keyboard-configuration``console-setup` 三个包.
87 设置系统默认 locale. 将来可以在运行的系统中执行 `dpkg-reconfigure locales` 命令更改此项设置. 设置这项脚本会自动安装 `locales`, `keyboard-configuration``console-setup` 三个包.
88
88
89 ##### `TIMEZONE`="Europe/Berlin"
89 ##### `TIMEZONE`="Europe/Berlin"
90 设置系统默认时区. 可以在`/usr/share/zoneinfo/` 目录中找到全部可用时区. 将来可以在运行的系统中执行 `dpkg-reconfigure tzdata` 命令更改此项设置.
90 设置系统默认时区. 可以在`/usr/share/zoneinfo/` 目录中找到全部可用时区. 将来可以在运行的系统中执行 `dpkg-reconfigure tzdata` 命令更改此项设置.
91
91
92 ##### `EXPANDROOT`=true
92 ##### `EXPANDROOT`=true
93 第一次运行时自动扩展根分区和文件系统.
93 第一次运行时自动扩展根分区和文件系统.
94
94
95 ---
95 ---
96
96
97 #### 键盘设置:
97 #### 键盘设置:
98 这些选项用来配置键盘布局文件 `/etc/default/keyboard` 影响控制台和X窗口. 将来可以在运行的系统中执行 `dpkg-reconfigure keyboard-configuration` 命令更改此项设置.
98 这些选项用来配置键盘布局文件 `/etc/default/keyboard` 影响控制台和X窗口. 将来可以在运行的系统中执行 `dpkg-reconfigure keyboard-configuration` 命令更改此项设置.
99
99
100 ##### `XKB_MODEL`=""
100 ##### `XKB_MODEL`=""
101 设置键盘类型, 大陆常见pc104.
101 设置键盘类型, 大陆常见pc104.
102
102
103 ##### `XKB_LAYOUT`=""
103 ##### `XKB_LAYOUT`=""
104 设置键盘布局, 大陆常见us.
104 设置键盘布局, 大陆常见us.
105
105
106 ##### `XKB_VARIANT`=""
106 ##### `XKB_VARIANT`=""
107 设置键盘布局变种.
107 设置键盘布局变种.
108
108
109 ##### `XKB_OPTIONS`=""
109 ##### `XKB_OPTIONS`=""
110 设置其它 XKB 配置选项.
110 设置其它 XKB 配置选项.
111
111
112 ---
112 ---
113
113
114 #### 网络设置 (动态):
114 #### 网络设置 (动态):
115 设置网络为自动获取IP地址. 配置文件位于 `/etc/systemd/network/eth.network`. 在Debian `stretch`中, 默认位置更改为 `/lib/systemd/network`.
115 设置网络为自动获取IP地址. 配置文件位于 `/etc/systemd/network/eth.network`. 在Debian `stretch`中, 默认位置更改为 `/lib/systemd/network`.
116
116
117 ##### `ENABLE_DHCP`=true
117 ##### `ENABLE_DHCP`=true
118 设置系统使用 DHCP 获取动态IP. 需要有一个 DHCP 服务器.
118 设置系统使用 DHCP 获取动态IP. 需要有一个 DHCP 服务器.
119
119
120 ---
120 ---
121
121
122 #### 网络设置 (静态):
122 #### 网络设置 (静态):
123 设置系统为手动配置IP地址. 配置文件位于 `/etc/systemd/network/eth.network`. 在Debian `stretch` 中, 默认位置更改为 `/lib/systemd/network`.
123 设置系统为手动配置IP地址. 配置文件位于 `/etc/systemd/network/eth.network`. 在Debian `stretch` 中, 默认位置更改为 `/lib/systemd/network`.
124 `ENABLE_DHCP`=false 时下面这些静态IP设置才起作用.
124 `ENABLE_DHCP`=false 时下面这些静态IP设置才起作用.
125
125
126 ##### `NET_ADDRESS`=""
126 ##### `NET_ADDRESS`=""
127 设置静态 IPv4 或 IPv6, 使用CIDR "/"形式, 如 "192.169.0.3/24".
127 设置静态 IPv4 或 IPv6, 使用CIDR "/"形式, 如 "192.169.0.3/24".
128
128
129 ##### `NET_GATEWAY`=""
129 ##### `NET_GATEWAY`=""
130 设置默认网关的地址.
130 设置默认网关的地址.
131
131
132 ##### `NET_DNS_1`=""
132 ##### `NET_DNS_1`=""
133 设置主域名服务器地址.
133 设置主域名服务器地址.
134
134
135 ##### `NET_DNS_2`=""
135 ##### `NET_DNS_2`=""
136 设置辅域名服务器地址.
136 设置辅域名服务器地址.
137
137
138 ##### `NET_DNS_DOMAINS`=""
138 ##### `NET_DNS_DOMAINS`=""
139 设置默认的域名搜索后缀, 当主机名称不是一个完整域名(FQDN)时使用.
139 设置默认的域名搜索后缀, 当主机名称不是一个完整域名(FQDN)时使用.
140
140
141 ##### `NET_NTP_1`=""
141 ##### `NET_NTP_1`=""
142 设置主时间服务器地址.
142 设置主时间服务器地址.
143
143
144 ##### `NET_NTP_2`=""
144 ##### `NET_NTP_2`=""
145 设置辅时间服务器地址.
145 设置辅时间服务器地址.
146
146
147 ---
147 ---
148
148
149 #### 基本系统特性:
149 #### 基本系统特性:
150 ##### `ENABLE_CONSOLE`=true
150 ##### `ENABLE_CONSOLE`=true
151 允许串行控制台接口. 没有连接显示器键盘的树莓派推荐打开, 此时如果网络无法连接至树莓派, 可以使用串行控制台连至系统.
151 允许串行控制台接口. 没有连接显示器键盘的树莓派推荐打开, 此时如果网络无法连接至树莓派, 可以使用串行控制台连至系统.
152
152
153 ##### `ENABLE_I2C`=false
153 ##### `ENABLE_I2C`=false
154 允许树莓派2/3的 I2C 接口. 请对照 [树莓派2/3 引脚示意图](https://elinux.org/RPi_Low-level_peripherals) 正确连接 GPIO 引脚.
154 允许树莓派2/3的 I2C 接口. 请对照 [树莓派2/3 引脚示意图](https://elinux.org/RPi_Low-level_peripherals) 正确连接 GPIO 引脚.
155
155
156 ##### `ENABLE_SPI`=false
156 ##### `ENABLE_SPI`=false
157 允许树莓派2/3的 SPI 接口. 请对照 [树莓派2/3 引脚示意图](https://elinux.org/RPi_Low-level_peripherals) 正确连接 GPIO 引脚.
157 允许树莓派2/3的 SPI 接口. 请对照 [树莓派2/3 引脚示意图](https://elinux.org/RPi_Low-level_peripherals) 正确连接 GPIO 引脚.
158
158
159 ##### `ENABLE_IPV6`=true
159 ##### `ENABLE_IPV6`=true
160 允许 IPv6 . 通过 systemd-networkd 配置管理网络接口.
160 允许 IPv6 . 通过 systemd-networkd 配置管理网络接口.
161
161
162 ##### `ENABLE_SSHD`=true
162 ##### `ENABLE_SSHD`=true
163 安装并且允许 OpenSSH 服务. 此服务默认禁止 `root` 用户远程登录. 使用普通用户 `pi` 远程登录然后使用 `su -``sudo` 来取得root权限.
163 安装并且允许 OpenSSH 服务. 此服务默认禁止 `root` 用户远程登录. 使用普通用户 `pi` 远程登录然后使用 `su -``sudo` 来取得root权限.
164
164
165 ##### `ENABLE_NONFREE`=false
165 ##### `ENABLE_NONFREE`=false
166 允许安装仓库中的 non-free 类的软件包. 需要安装闭源的固件, 二进制大对象 blob.
166 允许安装仓库中的 non-free 类的软件包. 需要安装闭源的固件, 二进制大对象 blob.
167
167
168 ##### `ENABLE_WIRELESS`=false
168 ##### `ENABLE_WIRELESS`=false
169 下载安装树莓派3无线接口所需要的闭源固件 二进制blob [树莓派3无线接口固件](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm). 如果 `RPI_MODEL` 不是 `3` 则忽略.
169 下载安装树莓派3无线接口所需要的闭源固件 二进制blob [树莓派3无线接口固件](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm). 如果 `RPI_MODEL` 不是 `3` 则忽略.
170
170
171 ##### `ENABLE_RSYSLOG`=true
171 ##### `ENABLE_RSYSLOG`=true
172 如果设置为 false, 禁用并卸载 rsyslog, 则只能通过日志文件查看logs.
172 如果设置为 false, 禁用并卸载 rsyslog, 则只能通过日志文件查看logs.
173
173
174 ##### `ENABLE_SOUND`=true
174 ##### `ENABLE_SOUND`=true
175 允许声卡并且安装 ALSA.
175 允许声卡并且安装 ALSA.
176
176
177 ##### `ENABLE_HWRANDOM`=true
177 ##### `ENABLE_HWRANDOM`=true
178 允许硬件随机数发生器. 强随机数对大多数使用加密的网络通信是非常重要的. 推荐允许此设置.
178 允许硬件随机数发生器. 强随机数对大多数使用加密的网络通信是非常重要的. 推荐允许此设置.
179
179
180 ##### `ENABLE_MINGPU`=false
180 ##### `ENABLE_MINGPU`=false
181 最小化显存 (16MB, no X), 目前无法完全禁用GPU.
181 最小化显存 (16MB, no X), 目前无法完全禁用GPU.
182
182
183 ##### `ENABLE_DBUS`=true
183 ##### `ENABLE_DBUS`=true
184 安装并允许 D-Bus 消息总线. 虽然 systemd 可以在没有 D-bus的情况下工作, 但是推荐允许D-Bus.
184 安装并允许 D-Bus 消息总线. 虽然 systemd 可以在没有 D-bus的情况下工作, 但是推荐允许D-Bus.
185
185
186 ##### `ENABLE_XORG`=false
186 ##### `ENABLE_XORG`=false
187 是否安装 Xorg, 开源 X11 系统.
187 是否安装 Xorg, 开源 X11 系统.
188
188
189 ##### `ENABLE_WM`=""
189 ##### `ENABLE_WM`=""
190 安装用户指定的X Window 窗口管理器. 如果设置了`ENABLE_WM`, 系统确定所有被依赖的X11相关软件包都安装好了以后`ENABLE_XORG`会自动设置为true, `rpi23-gen-image.sh` 脚本已经通过下列窗口管理器的测试: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
190 安装用户指定的X Window 窗口管理器. 如果设置了`ENABLE_WM`, 系统确定所有被依赖的X11相关软件包都安装好了以后`ENABLE_XORG`会自动设置为true, `rpi23-gen-image.sh` 脚本已经通过下列窗口管理器的测试: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
191
191
192 ---
192 ---
193
193
194 #### 高级系统特性:
194 #### 高级系统特性:
195 ##### `ENABLE_MINBASE`=false
195 ##### `ENABLE_MINBASE`=false
196 使用 debootstrap 脚本变量 `minbase`, 只含有必不可少的核心包和apt. 体积大约 65 MB.
196 使用 debootstrap 脚本变量 `minbase`, 只含有必不可少的核心包和apt. 体积大约 65 MB.
197
197
198 ##### `ENABLE_REDUCE`=false
198 ##### `ENABLE_REDUCE`=false
199 卸载包、删除文件以减小体积 详情查看 `REDUCE_*` 参数.
199 卸载包、删除文件以减小体积 详情查看 `REDUCE_*` 参数.
200
200
201 ##### `ENABLE_UBOOT`=false
201 ##### `ENABLE_UBOOT`=false
202 使用 [U-Boot 引导器](https://git.denx.de/?p=u-boot.git;a=summary) 替代树莓派2/3 默认的第二阶段引导器(bootcode.bin). U-Boot 可以通过网络使用 BOOTP/TFTP 协议引导镜像文件.
202 使用 [U-Boot 引导器](https://git.denx.de/?p=u-boot.git;a=summary) 替代树莓派2/3 默认的第二阶段引导器(bootcode.bin). U-Boot 可以通过网络使用 BOOTP/TFTP 协议引导镜像文件.
203
203
204 ##### `UBOOTSRC_DIR`=""
204 ##### `UBOOTSRC_DIR`=""
205 存放已下载 [U-Boot 引导器源文件](https://git.denx.de/?p=u-boot.git;a=summary) 的目录(`u-boot`).
205 存放已下载 [U-Boot 引导器源文件](https://git.denx.de/?p=u-boot.git;a=summary) 的目录(`u-boot`).
206
206
207 ##### `ENABLE_FBTURBO`=false
207 ##### `ENABLE_FBTURBO`=false
208 安装并且允许 [硬件加速的 Xorg 显卡驱动](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. 当前仅支持窗口的移动和滚动的硬件加速.
208 安装并且允许 [硬件加速的 Xorg 显卡驱动](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. 当前仅支持窗口的移动和滚动的硬件加速.
209
209
210 ##### `FBTURBOSRC_DIR`=""
210 ##### `FBTURBOSRC_DIR`=""
211 设置存放已下载的 [硬件加速的 Xorg 显卡驱动](https://github.com/ssvb/xf86-video-fbturbo) 的目录 (`xf86-video-fbturbo`) , 可以复制到chroot内配置、构建和安装.
211 设置存放已下载的 [硬件加速的 Xorg 显卡驱动](https://github.com/ssvb/xf86-video-fbturbo) 的目录 (`xf86-video-fbturbo`) , 可以复制到chroot内配置、构建和安装.
212
212
213 ##### `ENABLE_IPTABLES`=false
213 ##### `ENABLE_IPTABLES`=false
214 允许 iptables 防火墙. 使用最简单的规则集: 允许所有出站连接;禁止除OpenSSH外的所有入站连接.
214 允许 iptables 防火墙. 使用最简单的规则集: 允许所有出站连接;禁止除OpenSSH外的所有入站连接.
215
215
216 ##### `ENABLE_USER`=true
216 ##### `ENABLE_USER`=true
217 创建普通用户, 默认用户名`pi`, 默认密码raspberry. 可以使用 `USER_NAME`=user 更改默认用户名;使用 `USER_PASSWORD`=raspberry 更改默认密码.
217 创建普通用户, 默认用户名`pi`, 默认密码raspberry. 可以使用 `USER_NAME`=user 更改默认用户名;使用 `USER_PASSWORD`=raspberry 更改默认密码.
218
218
219 ##### `USER_NAME`=pi
219 ##### `USER_NAME`=pi
220 创建普通用户pi. 如果`ENABLE_USER`=false 此参数被忽略.
220 创建普通用户pi. 如果`ENABLE_USER`=false 此参数被忽略.
221
221
222 ##### `ENABLE_ROOT`=false
222 ##### `ENABLE_ROOT`=false
223 允许root用户登录, 需要设置 root 用户密码.
223 允许root用户登录, 需要设置 root 用户密码.
224
224
225 ##### `ENABLE_HARDNET`=false
225 ##### `ENABLE_HARDNET`=false
226 允许加固 IPv4/IPv6 协议栈, 防止DoS攻击.
226 允许加固 IPv4/IPv6 协议栈, 防止DoS攻击.
227
227
228 ##### `ENABLE_SPLITFS`=false
228 ##### `ENABLE_SPLITFS`=false
229 允许将根分区放在USB驱动器中. 将会生成两个镜像文件, 一个挂载为 `/boot/firmware` , 另一个挂载为 `/`.
229 允许将根分区放在USB驱动器中. 将会生成两个镜像文件, 一个挂载为 `/boot/firmware` , 另一个挂载为 `/`.
230
230
231 ##### `CHROOT_SCRIPTS`=""
231 ##### `CHROOT_SCRIPTS`=""
232 设置自定义脚本目录的路径, 该目录中的脚本在镜像文件构建完成之前在chroot中运行. 这个目录里的可执行文件按着字典序运行.
232 设置自定义脚本目录的路径, 该目录中的脚本在镜像文件构建完成之前在chroot中运行. 这个目录里的可执行文件按着字典序运行.
233
233
234 ##### `ENABLE_INITRAMFS`=false
234 ##### `ENABLE_INITRAMFS`=false
235 创建 Linux 启动时加载的 initramfs .如果 `ENABLE_CRYPTFS`=true 那么 `ENABLE_INITRAMFS` 自动设为true . 如果 `BUILD_KERNEL`=false 此参数被忽略.
235 创建 Linux 启动时加载的 initramfs .如果 `ENABLE_CRYPTFS`=true 那么 `ENABLE_INITRAMFS` 自动设为true . 如果 `BUILD_KERNEL`=false 此参数被忽略.
236
236
237 ##### `ENABLE_IFNAMES`=true
237 ##### `ENABLE_IFNAMES`=true
238 允许一致/可预测网络接口命名, 支持 Debian 发行版 `stretch``buster` .
238 允许一致/可预测网络接口命名, 支持 Debian 发行版 `stretch``buster` .
239
239
240 ##### `DISABLE_UNDERVOLT_WARNINGS`=
240 ##### `DISABLE_UNDERVOLT_WARNINGS`=
241 禁止树莓派2/3 的低电压警告. 设为 `1` 禁止警告. 设为 `2` 额外允许低电压下的turbo增强模式.
241 禁止树莓派2/3 的低电压警告. 设为 `1` 禁止警告. 设为 `2` 额外允许低电压下的turbo增强模式.
242
242
243 ---
243 ---
244
244
245 #### SSH 设置:
245 #### SSH 设置:
246 ##### `SSH_ENABLE_ROOT`=false
246 ##### `SSH_ENABLE_ROOT`=false
247 允许root通过密码验证方式远程登录系统. 如果没有修改默认密码, 这将是个巨大的安全隐患. `ENABLE_ROOT` 必须设为 `true`.
247 允许root通过密码验证方式远程登录系统. 如果没有修改默认密码, 这将是个巨大的安全隐患. `ENABLE_ROOT` 必须设为 `true`.
248
248
249 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
249 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
250 禁用SSH的密码验证方式, 只支持SSH (v2)的公钥认证.
250 禁用SSH的密码验证方式, 只支持SSH (v2)的公钥认证.
251
251
252 ##### `SSH_LIMIT_USERS`=false
252 ##### `SSH_LIMIT_USERS`=false
253 限制通过SSH远程登录的用户. 只允许由 `USER_NAME`=pi 参数创建的普通用户, 以及当 `SSH_ENABLE_ROOT`=true 时 root 用户远程登录. 如果使用的守护程序是 `dropbear` (通过 `REDUCE_SSHD`=true 设置) 则忽略此参数.
253 限制通过SSH远程登录的用户. 只允许由 `USER_NAME`=pi 参数创建的普通用户, 以及当 `SSH_ENABLE_ROOT`=true 时 root 用户远程登录. 如果使用的守护程序是 `dropbear` (通过 `REDUCE_SSHD`=true 设置) 则忽略此参数.
254
254
255 ##### `SSH_ROOT_PUB_KEY`=""
255 ##### `SSH_ROOT_PUB_KEY`=""
256 从指定文件(可包含多个公钥)添加 SSH (v2) 公钥到 `authorized_keys` 文件, 使得 `root` 用户可以使用SSH (v2)的公钥验证方式远程登录, 不支持SSH (v1). `ENABLE_ROOT` **和** `SSH_ENABLE_ROOT` 必须同时设为 `true`.
256 从指定文件(可包含多个公钥)添加 SSH (v2) 公钥到 `authorized_keys` 文件, 使得 `root` 用户可以使用SSH (v2)的公钥验证方式远程登录, 不支持SSH (v1). `ENABLE_ROOT` **和** `SSH_ENABLE_ROOT` 必须同时设为 `true`.
257
257
258 ##### `SSH_USER_PUB_KEY`=""
258 ##### `SSH_USER_PUB_KEY`=""
259 从指定文件(可包含多个公钥)添加 SSH (v2) 公钥到 `authorized_keys` 文件, 使得由 `USER_NAME`=pi 参数创建的普通用户可以使用SSH (v2)的公钥验证方式远程登录, 不支持SSH (v1).
259 从指定文件(可包含多个公钥)添加 SSH (v2) 公钥到 `authorized_keys` 文件, 使得由 `USER_NAME`=pi 参数创建的普通用户可以使用SSH (v2)的公钥验证方式远程登录, 不支持SSH (v1).
260
260
261 ---
261 ---
262
262
263 #### 内核编译:
263 #### 内核编译:
264 ##### `BUILD_KERNEL`=false
264 ##### `BUILD_KERNEL`=false
265 构建安装最新的树莓派 2/3 Linux 内核, 当前只支持默认内核配置. 如果设置为树莓派`3`那么自动设置`BUILD_KERNEL`=true .
265 构建安装最新的树莓派 2/3 Linux 内核, 当前只支持默认内核配置. 如果设置为树莓派`3`那么自动设置`BUILD_KERNEL`=true .
266
266
267 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
267 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
268 设置交叉编译器.
268 设置交叉编译器.
269
269
270 ##### `KERNEL_ARCH`="arm"
270 ##### `KERNEL_ARCH`="arm"
271 设置内核架构.
271 设置内核架构.
272
272
273 ##### `KERNEL_IMAGE`="kernel7.img"
273 ##### `KERNEL_IMAGE`="kernel7.img"
274 内核镜像名称, 如果没有设置, 编译32位内核默认“kernel7.img” 64位内核默认 "kernel8.img".
274 内核镜像名称, 如果没有设置, 编译32位内核默认“kernel7.img” 64位内核默认 "kernel8.img".
275
275
276 ##### `KERNEL_BRANCH`=""
276 ##### `KERNEL_BRANCH`=""
277 GIT里的树莓派内核源代码分支名称, 默认使用当前默认分支.
277 GIT里的树莓派内核源代码分支名称, 默认使用当前默认分支.
278
278
279 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
279 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
280 设置构建系统中的QEMU程序位置. 如果没有设置, 32位内核默认 “/usr/bin/qemu-arm-static” 64位内核默认 "/usr/bin/qemu-aarch64-static".
280 设置构建系统中的QEMU程序位置. 如果没有设置, 32位内核默认 “/usr/bin/qemu-arm-static” 64位内核默认 "/usr/bin/qemu-aarch64-static".
281
281
282 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
282 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
283 设置编译内核的默认配置. 如果没有设置, 32位内核默认"bcm2709_defconfig" 64位内核默认"bcmrpi3\_defconfig".
283 设置编译内核的默认配置. 如果没有设置, 32位内核默认"bcm2709_defconfig" 64位内核默认"bcmrpi3\_defconfig".
284
284
285 ##### `KERNEL_REDUCE`=false
285 ##### `KERNEL_REDUCE`=false
286 缩小内核体积, 移除不想要的设备驱动、网络驱动和文件系统驱动 (实验性质).
286 缩小内核体积, 移除不想要的设备驱动、网络驱动和文件系统驱动 (实验性质).
287
287
288 ##### `KERNEL_THREADS`=1
288 ##### `KERNEL_THREADS`=1
289 编译内核时的并发线程数量. 如果使用默认设置, 系统会自动检测CPU的内核数量, 设置线程数量, 加速内核编译.
289 编译内核时的并发线程数量. 如果使用默认设置, 系统会自动检测CPU的内核数量, 设置线程数量, 加速内核编译.
290
290
291 ##### `KERNEL_HEADERS`=true
291 ##### `KERNEL_HEADERS`=true
292 安装内核相应的头文件.
292 安装内核相应的头文件.
293
293
294 ##### `KERNEL_MENUCONFIG`=false
294 ##### `KERNEL_MENUCONFIG`=false
295 运行`make menuconfig`使用菜单界面配置内核. 退出配置菜单后脚本继续运行.
295 运行`make menuconfig`使用菜单界面配置内核. 退出配置菜单后脚本继续运行.
296
296
297 ##### `KERNEL_REMOVESRC`=true
297 ##### `KERNEL_REMOVESRC`=true
298 编译安装完成后, 删掉内核源代码, 产生的镜像不含内核源代码.
298 编译安装完成后, 删掉内核源代码, 产生的镜像不含内核源代码.
299
299
300 ##### `KERNELSRC_DIR`=""
300 ##### `KERNELSRC_DIR`=""
301 已下载好的 [Github上的树莓派官方内核](https://github.com/raspberrypi/linux) 源码所在目录 (`linux`) 的路径, 可以复制到chroot内配置、构建和安装.
301 已下载好的 [Github上的树莓派官方内核](https://github.com/raspberrypi/linux) 源码所在目录 (`linux`) 的路径, 可以复制到chroot内配置、构建和安装.
302
302
303 ##### `KERNELSRC_CLEAN`=false
303 ##### `KERNELSRC_CLEAN`=false
304 当`KERNELSRC_DIR`被复制到 chroot 之后开始编译之前(使用 `make mrproper`)清理内核源代码. 如果 `KERNELSRC_DIR` 没有设置或者 `KERNELSRC_PREBUILT`=true时忽略此设置.
304 当`KERNELSRC_DIR`被复制到 chroot 之后开始编译之前(使用 `make mrproper`)清理内核源代码. 如果 `KERNELSRC_DIR` 没有设置或者 `KERNELSRC_PREBUILT`=true时忽略此设置.
305
305
306 ##### `KERNELSRC_CONFIG`=true
306 ##### `KERNELSRC_CONFIG`=true
307 在编译前使用 `make bcm2709_defconfig` (也可以选择 `make menuconfig`) 配置内核源代码. 如果`KERNELSRC_DIR`指定的源码存放目录不存在,这个参数自动设为 `true`. 如果 `KERNELSRC_PREBUILT`=true 忽略此参数.
307 在编译前使用 `make bcm2709_defconfig` (也可以选择 `make menuconfig`) 配置内核源代码. 如果`KERNELSRC_DIR`指定的源码存放目录不存在,这个参数自动设为 `true`. 如果 `KERNELSRC_PREBUILT`=true 忽略此参数.
308
308
309 ##### `KERNELSRC_USRCONFIG`=""
309 ##### `KERNELSRC_USRCONFIG`=""
310 复制自己的配置文件到内核的 `.config`. 如果 `KERNEL_MENUCONFIG`=true 拷贝完成后自动运行 make menuconfig.
310 复制自己的配置文件到内核的 `.config`. 如果 `KERNEL_MENUCONFIG`=true 拷贝完成后自动运行 make menuconfig.
311
311
312 ##### `KERNELSRC_PREBUILT`=false
312 ##### `KERNELSRC_PREBUILT`=false
313 如果这个参数设为true 表示内核源代码目录中包含成功交叉编译好的内核. 忽略 `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` 这四个参数,不再执行交叉编译操作.
313 如果这个参数设为true 表示内核源代码目录中包含成功交叉编译好的内核. 忽略 `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` 这四个参数,不再执行交叉编译操作.
314
314
315 ##### `RPI_FIRMWARE_DIR`=""
315 ##### `RPI_FIRMWARE_DIR`=""
316 指定目录 (`firmware`) 含有已经从 [Github上的树莓派官方固件](https://github.com/raspberrypi/firmware)下载到本地的固件. 默认直接从网上下载最新的固件.
316 指定目录 (`firmware`) 含有已经从 [Github上的树莓派官方固件](https://github.com/raspberrypi/firmware)下载到本地的固件. 默认直接从网上下载最新的固件.
317
317
318 ---
318 ---
319
319
320 #### 缩小体积:
320 #### 缩小体积:
321 如果 `ENABLE_REDUCE`=false 则忽略下列参数.
321 如果 `ENABLE_REDUCE`=false 则忽略下列参数.
322
322
323 ##### `REDUCE_APT`=true
323 ##### `REDUCE_APT`=true
324 配置 APT,压缩仓库文件列表,不缓存下载的包文件.
324 配置 APT,压缩仓库文件列表,不缓存下载的包文件.
325
325
326 ##### `REDUCE_DOC`=true
326 ##### `REDUCE_DOC`=true
327 移除所有的doc文档文件(harsh). 配置 APT, 将来使用`apt-get`安装deb包时不包括doc文件.
327 移除所有的doc文档文件(harsh). 配置 APT, 将来使用`apt-get`安装deb包时不包括doc文件.
328
328
329 ##### `REDUCE_MAN`=true
329 ##### `REDUCE_MAN`=true
330 移除所有的man手册页和info文件 (harsh). 配置 APT, 将来使用`apt-get`安装deb包时不包括man手册页.
330 移除所有的man手册页和info文件 (harsh). 配置 APT, 将来使用`apt-get`安装deb包时不包括man手册页.
331
331
332 ##### `REDUCE_VIM`=false
332 ##### `REDUCE_VIM`=false
333 使用vim的小型克隆 `levee` 替代 `vim-tiny`.
333 使用vim的小型克隆 `levee` 替代 `vim-tiny`.
334
334
335 ##### `REDUCE_BASH`=false
335 ##### `REDUCE_BASH`=false
336 使用 `dash` 代替 `bash` (实验性质).
336 使用 `dash` 代替 `bash` (实验性质).
337
337
338 ##### `REDUCE_HWDB`=true
338 ##### `REDUCE_HWDB`=true
339 移除与 PCI 相关的 hwdb 文件 (实验性质).
339 移除与 PCI 相关的 hwdb 文件 (实验性质).
340
340
341 ##### `REDUCE_SSHD`=true
341 ##### `REDUCE_SSHD`=true
342 使用`dropbear`代替 `openssh-server`.
342 使用`dropbear`代替 `openssh-server`.
343
343
344 ##### `REDUCE_LOCALE`=true
344 ##### `REDUCE_LOCALE`=true
345 移除所有的 `locale` 本地化文件.
345 移除所有的 `locale` 本地化文件.
346
346
347 ---
347 ---
348
348
349 #### 加密根分区:
349 #### 加密根分区:
350 ##### `ENABLE_CRYPTFS`=false
350 ##### `ENABLE_CRYPTFS`=false
351 使用dm-crypt进行全盘加密. 创建一个 LUKS 加密根分区 (加密方法 aes-xts-plain64:sha512) 并生成所需要的 initramfs. /boot 目录不会被加密. 当`BUILD_KERNEL`=false时忽略此参数. `ENABLE_CRYPTFS` 这个参数当前是实验性质的. SSH-to-initramfs 当前不支持,正在进行中.
351 使用dm-crypt进行全盘加密. 创建一个 LUKS 加密根分区 (加密方法 aes-xts-plain64:sha512) 并生成所需要的 initramfs. /boot 目录不会被加密. 当`BUILD_KERNEL`=false时忽略此参数. `ENABLE_CRYPTFS` 这个参数当前是实验性质的. SSH-to-initramfs 当前不支持,正在进行中.
352
352
353 ##### `CRYPTFS_PASSWORD`=""
353 ##### `CRYPTFS_PASSWORD`=""
354 设置根分区的加密密码. 如果 `ENABLE_CRYPTFS`=true,请务必设置此参数.
354 设置根分区的加密密码. 如果 `ENABLE_CRYPTFS`=true,请务必设置此参数.
355
355
356 ##### `CRYPTFS_MAPPING`="secure"
356 ##### `CRYPTFS_MAPPING`="secure"
357 设置device-mapper映射名称.
357 设置device-mapper映射名称.
358
358
359 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
359 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
360 加密算法. 推荐 `aes-xts*`加密法.
360 加密算法. 推荐 `aes-xts*`加密法.
361
361
362 ##### `CRYPTFS_XTSKEYSIZE`=512
362 ##### `CRYPTFS_XTSKEYSIZE`=512
363 设置密钥长度,8的倍数,以bit为单位.
363 设置密钥长度,8的倍数,以bit为单位.
364
364
365 ---
365 ---
366
366
367 #### Build settings构建设置:
367 #### Build settings构建设置:
368 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
368 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
369 设置产生镜像的目录.
369 设置产生镜像的目录.
370
370
371 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
371 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
372 设置镜像文件名. 如果`ENABLE_SPLITFS`=false则文件名$IMAGE_NAME.img 如果`ENABLE_SPLITFS`=true则文件名$IMAGE_NAME-frmw.img 和 $IMAGE_NAME-root.img. 如果没有设置 `KERNEL_BRANCH` 则使用 "CURRENT" .
372 设置镜像文件名. 如果`ENABLE_SPLITFS`=false则文件名$IMAGE_NAME.img 如果`ENABLE_SPLITFS`=true则文件名$IMAGE_NAME-frmw.img 和 $IMAGE_NAME-root.img. 如果没有设置 `KERNEL_BRANCH` 则使用 "CURRENT" .
373
373
374 ## 理解脚本
374 ## 理解脚本
375 制作镜像的每个阶段所实现的功能都由各自的脚本完成, 位于 `bootstrap.d` 目录. 按着字典序执行:
375 制作镜像的每个阶段所实现的功能都由各自的脚本完成, 位于 `bootstrap.d` 目录. 按着字典序执行:
376
376
377 | 脚本 | 说明 |
377 | 脚本 | 说明 |
378 | --- | --- |
378 | --- | --- |
379 | `10-bootstrap.sh` | 生成基本系统 |
379 | `10-bootstrap.sh` | 生成基本系统 |
380 | `11-apt.sh` | 设置 APT 仓库源 |
380 | `11-apt.sh` | 设置 APT 仓库源 |
381 | `12-locale.sh` | 设置 Locales 和 keyboard |
381 | `12-locale.sh` | 设置 Locales 和 keyboard |
382 | `13-kernel.sh` | 编译安装树莓派 2/3 内核 |
382 | `13-kernel.sh` | 编译安装树莓派 2/3 内核 |
383 | `14-fstab.sh` | 设置 fstab 和 initramfs |
383 | `14-fstab.sh` | 设置 fstab 和 initramfs |
384 | `15-rpi-config.sh` | 设置 RPi2/3 config and cmdline |
384 | `15-rpi-config.sh` | 设置 RPi2/3 config and cmdline |
385 | `20-networking.sh` | 设置网络 |
385 | `20-networking.sh` | 设置网络 |
386 | `21-firewall.sh` | 设置防火墙 |
386 | `21-firewall.sh` | 设置防火墙 |
387 | `30-security.sh` | 设置用户以及安全相关 |
387 | `30-security.sh` | 设置用户以及安全相关 |
388 | `31-logging.sh` | 设置日志 |
388 | `31-logging.sh` | 设置日志 |
389 | `32-sshd.sh` | 设置 SSH 和公钥 |
389 | `32-sshd.sh` | 设置 SSH 和公钥 |
390 | `41-uboot.sh` | 编译设置 U-Boot |
390 | `41-uboot.sh` | 编译设置 U-Boot |
391 | `42-fbturbo.sh` | 编译设置 fbturbo Xorg 驱动 |
391 | `42-fbturbo.sh` | 编译设置 fbturbo Xorg 驱动 |
392 | `50-firstboot.sh` | 首次启动执行的任务 |
392 | `50-firstboot.sh` | 首次启动执行的任务 |
393 | `99-reduce.sh` | 缩小体积 |
393 | `99-reduce.sh` | 缩小体积 |
394
394
395 所有需要拷贝到镜像文件的配置文件都位于 `files` 目录. 最好不要手动更改这些配置文件.
395 所有需要拷贝到镜像文件的配置文件都位于 `files` 目录. 最好不要手动更改这些配置文件.
396
396
397 | 目录 | 说明 |
397 | 目录 | 说明 |
398 | --- | --- |
398 | --- | --- |
399 | `apt` | APT 管理配置文件 |
399 | `apt` | APT 管理配置文件 |
400 | `boot` | 引导文件 树莓派2/3配置文件 |
400 | `boot` | 引导文件 树莓派2/3配置文件 |
401 | `dpkg` | 包管理配置文件 |
401 | `dpkg` | 包管理配置文件 |
402 | `etc` | 配置文件以及 rc 启动脚本 |
402 | `etc` | 配置文件以及 rc 启动脚本 |
403 | `firstboot` | 首次引导执行的脚本 |
403 | `firstboot` | 首次引导执行的脚本 |
404 | `initramfs` | Initramfs 脚本 |
404 | `initramfs` | Initramfs 脚本 |
405 | `iptables` | 防火墙配置文件 |
405 | `iptables` | 防火墙配置文件 |
406 | `locales` | Locales 配置 |
406 | `locales` | Locales 配置 |
407 | `modules` | 内核模块配置 |
407 | `modules` | 内核模块配置 |
408 | `mount` | Fstab 配置 |
408 | `mount` | Fstab 配置 |
409 | `network` | 网络配置文件 |
409 | `network` | 网络配置文件 |
410 | `sysctl.d` | 交换文件以及IP协议加固配置文件 |
410 | `sysctl.d` | 交换文件以及IP协议加固配置文件 |
411 | `xorg` | fbturbo Xorg 驱动配置 |
411 | `xorg` | fbturbo Xorg 驱动配置 |
412
412
413 ## 自定义包和脚本
413 ## 自定义包和脚本
414 `packages` 目录里放置自定义deb包, 比如系统仓库里没有的软件.在安装完系统仓库中的包之后安装. 自定义包所依赖的deb包会自动从系统仓库下载. 不要把自定义包添加到 `APT_INCLUDES` 参数中.
414 `packages` 目录里放置自定义deb包, 比如系统仓库里没有的软件.在安装完系统仓库中的包之后安装. 自定义包所依赖的deb包会自动从系统仓库下载. 不要把自定义包添加到 `APT_INCLUDES` 参数中.
415 `custom.d` 目录中的脚本会在其它安装都完成后, 创建镜像文件之前执行.
415 `custom.d` 目录中的脚本会在其它安装都完成后, 创建镜像文件之前执行.
416
416
417 ## 记录镜像产生过程的信息
417 ## 记录镜像产生过程的信息
418 所有镜像产生过程的信息、`rpi23-gen-image.sh` 脚本执行的命令都可以通过shell的 `script` 命令保存到日志文件中:
418 所有镜像产生过程的信息、`rpi23-gen-image.sh` 脚本执行的命令都可以通过shell的 `script` 命令保存到日志文件中:
419
419
420 ```shell
420 ```shell
421 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
421 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
422 ```
422 ```
423
423
424 ## 烧录镜像文件
424 ## 烧录镜像文件
425 `rpi23-gen-image.sh` 所生成的镜像文件需要使用 `bmaptool``dd` 烧录到 microSD 卡. `bmaptool` 速度快比 `dd` 聪明.
425 `rpi23-gen-image.sh` 所生成的镜像文件需要使用 `bmaptool``dd` 烧录到 microSD 卡. `bmaptool` 速度快比 `dd` 聪明.
426
426
427 ##### 烧录示例:
427 ##### 烧录示例:
428 ```shell
428 ```shell
429 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
429 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie.img /dev/mmcblk0
430 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
430 dd bs=4M if=./images/jessie/2017-01-23-rpi3-jessie.img of=/dev/mmcblk0
431 ```
431 ```
432 如果设置过 `ENABLE_SPLITFS`, 烧录 `-frmw` 文件到 microSD 卡, 烧录 `-root` 文件到 USB 驱动器:
432 如果设置过 `ENABLE_SPLITFS`, 烧录 `-frmw` 文件到 microSD 卡, 烧录 `-root` 文件到 USB 驱动器:
433 ```shell
433 ```shell
434 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
434 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-frmw.img /dev/mmcblk0
435 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
435 bmaptool copy ./images/jessie/2017-01-23-rpi3-jessie-root.img /dev/sdc
436 ```
436 ```
437 ## 每周镜像
437 ## 每周镜像
438 这些镜像由JRWR'S I/O PORT提供, 每周日午夜UTC 0点编译!
438 这些镜像由JRWR'S I/O PORT提供, 每周日午夜UTC 0点编译!
439 * [Debian Stretch Raspberry Pi2/3 周构建镜像](https://jrwr.io/doku.php?id=projects:debianpi)
439 * [Debian Stretch Raspberry Pi2/3 周构建镜像](https://jrwr.io/doku.php?id=projects:debianpi)
440
440
441 ## External links and references外部链接, 各种资源
441 ## External links and references外部链接, 各种资源
442 * [Debian 全世界镜像列表](https://www.debian.org/mirror/list)
442 * [Debian 全世界镜像列表](https://www.debian.org/mirror/list)
443 * [Debian 树莓派 2 Wiki](https://wiki.debian.org/RaspberryPi2)
443 * [Debian 树莓派 2 Wiki](https://wiki.debian.org/RaspberryPi2)
444 * [Debian 交叉工具链 Wiki](https://wiki.debian.org/CrossToolchains)
444 * [Debian 交叉工具链 Wiki](https://wiki.debian.org/CrossToolchains)
445 * [Github上的树莓派官方固件](https://github.com/raspberrypi/firmware)
445 * [Github上的树莓派官方固件](https://github.com/raspberrypi/firmware)
446 * [Github上的树莓派官方内核](https://github.com/raspberrypi/linux)
446 * [Github上的树莓派官方内核](https://github.com/raspberrypi/linux)
447 * [U-BOOT git 仓库](https://git.denx.de/?p=u-boot.git;a=summary)
447 * [U-BOOT git 仓库](https://git.denx.de/?p=u-boot.git;a=summary)
448 * [Xorg DDX fbturbo驱动](https://github.com/ssvb/xf86-video-fbturbo)
448 * [Xorg DDX fbturbo驱动](https://github.com/ssvb/xf86-video-fbturbo)
449 * [树莓派3无线接口固件](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
449 * [树莓派3无线接口固件](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
450 * [Collabora 树莓派2预编译内核](https://repositories.collabora.co.uk/debian/)
450 * [Collabora 树莓派2预编译内核](https://repositories.collabora.co.uk/debian/)
@@ -1,544 +1,548
1 # rpi23-gen-image
1 # rpi23-gen-image
2 ## Introduction
2 ## Introduction
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
3 `rpi23-gen-image.sh` is an advanced Debian Linux bootstrapping shell script for generating Debian OS images for all Raspberry Pi computers. The script at this time supports the bootstrapping of the Debian (armhf/armel) releases `stretch` and `buster`. Raspberry Pi 0/1/2/3 images are generated for 32-bit mode only. Raspberry Pi 3 supports 64-bit images that can be generated using custom configuration parameters (```templates/rpi3-stretch-arm64-4.14.y```).
4
4
5 ## Build dependencies
5 ## Build dependencies
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
6 The following list of Debian packages must be installed on the build system because they are essentially required for the bootstrapping process. The script will check if all required packages are installed and missing packages will be installed automatically if confirmed by the user.
7
7
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
8 ```debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo```
9
9
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
10 It is recommended to configure the `rpi23-gen-image.sh` script to build and install the latest Raspberry Pi Linux kernel. For the Raspberry 3 this is mandatory. Kernel compilation and linking will be performed on the build system using an ARM (armhf/armel) cross-compiler toolchain.
11
11
12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
12 The script has been tested using the default `crossbuild-essential-armhf` and `crossbuild-essential-armel` toolchain meta packages on Debian Linux `stretch` build systems. Please check the [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains) for further information.
13
13
14 ## Command-line parameters
14 ## Command-line parameters
15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
15 The script accepts certain command-line parameters to enable or disable specific OS features, services and configuration settings. These parameters are passed to the `rpi23-gen-image.sh` script via (simple) shell-variables. Unlike environment shell-variables (simple) shell-variables are defined at the beginning of the command-line call of the `rpi23-gen-image.sh` script.
16
16
17 ##### Command-line examples:
17 ##### Command-line examples:
18 ```shell
18 ```shell
19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
19 ENABLE_UBOOT=true ./rpi23-gen-image.sh
20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
20 ENABLE_CONSOLE=false ENABLE_IPV6=false ./rpi23-gen-image.sh
21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
21 ENABLE_WM=xfce4 ENABLE_FBTURBO=true ENABLE_MINBASE=true ./rpi23-gen-image.sh
22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
22 ENABLE_HARDNET=true ENABLE_IPTABLES=true /rpi23-gen-image.sh
23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
23 APT_SERVER=ftp.de.debian.org APT_PROXY="http://127.0.0.1:3142/" ./rpi23-gen-image.sh
24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
24 ENABLE_MINBASE=true ./rpi23-gen-image.sh
25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
25 BUILD_KERNEL=true ENABLE_MINBASE=true ENABLE_IPV6=false ./rpi23-gen-image.sh
26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
26 BUILD_KERNEL=true KERNELSRC_DIR=/tmp/linux ./rpi23-gen-image.sh
27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
27 ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
28 ENABLE_CRYPTFS=true CRYPTFS_PASSWORD=changeme EXPANDROOT=false ENABLE_MINBASE=true ENABLE_REDUCE=true ENABLE_MINGPU=true BUILD_KERNEL=true ./rpi23-gen-image.sh
29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
29 RELEASE=stretch BUILD_KERNEL=true ./rpi23-gen-image.sh
30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
30 RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
31 RELEASE=stretch RPI_MODEL=3 ENABLE_WIRELESS=true ENABLE_MINBASE=true BUILD_KERNEL=true ./rpi23-gen-image.sh
32 ```
32 ```
33
33
34 ## Configuration template files
34 ## Configuration template files
35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
35 To avoid long lists of command-line parameters and to help to store the favourite parameter configurations the `rpi23-gen-image.sh` script supports so called configuration template files (`CONFIG_TEMPLATE`=template). These are simple text files located in the `./templates` directory that contain the list of configuration parameters that will be used. New configuration template files can be added to the `./templates` directory.
36
36
37 ##### Command-line examples:
37 ##### Command-line examples:
38 ```shell
38 ```shell
39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
39 CONFIG_TEMPLATE=rpi3stretch ./rpi23-gen-image.sh
40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
40 CONFIG_TEMPLATE=rpi2stretch ./rpi23-gen-image.sh
41 ```
41 ```
42
42
43 ## Supported parameters and settings
43 ## Supported parameters and settings
44 #### APT settings:
44 #### APT settings:
45 ##### `APT_SERVER`="ftp.debian.org"
45 ##### `APT_SERVER`="ftp.debian.org"
46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
46 Set Debian packages server address. Choose a server from the list of Debian worldwide [mirror sites](https://www.debian.org/mirror/list). Using a nearby server will probably speed-up all required downloads within the bootstrapping process.
47
47
48 ##### `APT_PROXY`=""
48 ##### `APT_PROXY`=""
49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
49 Set Proxy server address. Using a local Proxy-Cache like `apt-cacher-ng` will speed-up the bootstrapping process because all required Debian packages will only be downloaded from the Debian mirror site once. If `apt-cacher-ng` is running on default `http://127.0.0.1:3142` it is autodetected and you don't need to set this.
50
50
51 ##### `KEEP_APT_PROXY`=false
51 ##### `KEEP_APT_PROXY`=false
52 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
52 Keep the APT_PROXY settings used in the bootsrapping process in the generated image.
53
53
54 ##### `APT_INCLUDES`=""
54 ##### `APT_INCLUDES`=""
55 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
55 A comma-separated list of additional packages to be installed by debootstrap during bootstrapping.
56
56
57 ##### `APT_INCLUDES_LATE`=""
57 ##### `APT_INCLUDES_LATE`=""
58 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
58 A comma-separated list of additional packages to be installed by apt after bootstrapping and after APT sources are set up. This is useful for packages with pre-depends, which debootstrap do not handle well.
59
59
60 ---
60 ---
61
61
62 #### General system settings:
62 #### General system settings:
63 ##### `SET_ARCH`=32
63 ##### `SET_ARCH`=32
64 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
64 Set Architecture to default 32bit. If you want to compile 64-bit (RPI3 or RPI3+) set it to `64`. This option will set every needed cross-compiler or board specific option for a successful build.
65
65
66 ##### `RPI_MODEL`=2
66 ##### `RPI_MODEL`=2
67 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
67 Specify the target Raspberry Pi hardware model. The script at this time supports the following Raspberry Pi models:
68 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
68 - `0` = Raspberry Pi 0 and Raspberry Pi 0 W
69 - `1` = Raspberry Pi 1 model A and B
69 - `1` = Raspberry Pi 1 model A and B
70 - `1P` = Raspberry Pi 1 model B+ and A+
70 - `1P` = Raspberry Pi 1 model B+ and A+
71 - `2` = Raspberry Pi 2 model B
71 - `2` = Raspberry Pi 2 model B
72 - `3` = Raspberry Pi 3 model B
72 - `3` = Raspberry Pi 3 model B
73 - `3P` = Raspberry Pi 3 model B+
73 - `3P` = Raspberry Pi 3 model B+
74
74
75 ##### `RELEASE`="buster"
75 ##### `RELEASE`="buster"
76 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
76 Set the desired Debian release name. The script at this time supports the bootstrapping of the Debian releases `stretch` and `buster`.
77
77
78 ##### `RELEASE_ARCH`="armhf"
78 ##### `RELEASE_ARCH`="armhf"
79 Set the desired Debian release architecture.
79 Set the desired Debian release architecture.
80
80
81 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
81 ##### `HOSTNAME`="rpi$RPI_MODEL-$RELEASE"
82 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
82 Set system hostname. It's recommended that the hostname is unique in the corresponding subnet.
83
83
84 ##### `PASSWORD`="raspberry"
84 ##### `PASSWORD`="raspberry"
85 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
85 Set system `root` password. It's **STRONGLY** recommended that you choose a custom password.
86
86
87 ##### `USER_PASSWORD`="raspberry"
87 ##### `USER_PASSWORD`="raspberry"
88 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
88 Set password for the created non-root user `USER_NAME`=pi. Ignored if `ENABLE_USER`=false. It's **STRONGLY** recommended that you choose a custom password.
89
89
90 ##### `DEFLOCAL`="en_US.UTF-8"
90 ##### `DEFLOCAL`="en_US.UTF-8"
91 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
91 Set default system locale. This setting can also be changed inside the running OS using the `dpkg-reconfigure locales` command. Please note that on using this parameter the script will automatically install the required packages `locales`, `keyboard-configuration` and `console-setup`.
92
92
93 ##### `TIMEZONE`="Europe/Berlin"
93 ##### `TIMEZONE`="Europe/Berlin"
94 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
94 Set default system timezone. All available timezones can be found in the `/usr/share/zoneinfo/` directory. This setting can also be changed inside the running OS using the `dpkg-reconfigure tzdata` command.
95
95
96 ##### `EXPANDROOT`=true
96 ##### `EXPANDROOT`=true
97 Expand the root partition and filesystem automatically on first boot.
97 Expand the root partition and filesystem automatically on first boot.
98
98
99 ##### `ENABLE_DPHYSSWAP`=true
100 Enable swap. The size of the swapfile is chosen relative to the size of the root partition. It'll use the `dphys-swapfile` package for that.
101
99 ##### `ENABLE_QEMU`=false
102 ##### `ENABLE_QEMU`=false
100 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
103 Generate kernel (`vexpress_defconfig`), file system image (`qcow2`) and DTB files that can be used for QEMU full system emulation (`vexpress-A15`). The output files are stored in the `$(pwd)/images/qemu` directory. You can find more information about running the generated image in the QEMU section of this readme file.
101
104
102 ---
105 ---
103
106
104 #### Keyboard settings:
107 #### Keyboard settings:
105 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
108 These options are used to configure keyboard layout in `/etc/default/keyboard` for console and Xorg. These settings can also be changed inside the running OS using the `dpkg-reconfigure keyboard-configuration` command.
106
109
107 ##### `XKB_MODEL`=""
110 ##### `XKB_MODEL`=""
108 Set the name of the model of your keyboard type.
111 Set the name of the model of your keyboard type.
109
112
110 ##### `XKB_LAYOUT`=""
113 ##### `XKB_LAYOUT`=""
111 Set the supported keyboard layout(s).
114 Set the supported keyboard layout(s).
112
115
113 ##### `XKB_VARIANT`=""
116 ##### `XKB_VARIANT`=""
114 Set the supported variant(s) of the keyboard layout(s).
117 Set the supported variant(s) of the keyboard layout(s).
115
118
116 ##### `XKB_OPTIONS`=""
119 ##### `XKB_OPTIONS`=""
117 Set extra xkb configuration options.
120 Set extra xkb configuration options.
118
121
119 ---
122 ---
120
123
121 #### Networking settings (DHCP):
124 #### Networking settings (DHCP):
122 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
125 This parameter is used to set up networking auto-configuration in `/etc/systemd/network/eth.network`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.`
123
126
124 ##### `ENABLE_DHCP`=true
127 ##### `ENABLE_DHCP`=true
125 Set the system to use DHCP. This requires an DHCP server.
128 Set the system to use DHCP. This requires an DHCP server.
126
129
127 ---
130 ---
128
131
129 #### Networking settings (static):
132 #### Networking settings (static):
130 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
133 These parameters are used to set up a static networking configuration in `/etc/systemd/network/eth.network`. The following static networking parameters are only supported if `ENABLE_DHCP` was set to `false`. The default location of network configuration files in the Debian `stretch` release was changed to `/lib/systemd/network`.
131
134
132 ##### `NET_ADDRESS`=""
135 ##### `NET_ADDRESS`=""
133 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
136 Set a static IPv4 or IPv6 address and its prefix, separated by "/", eg. "192.169.0.3/24".
134
137
135 ##### `NET_GATEWAY`=""
138 ##### `NET_GATEWAY`=""
136 Set the IP address for the default gateway.
139 Set the IP address for the default gateway.
137
140
138 ##### `NET_DNS_1`=""
141 ##### `NET_DNS_1`=""
139 Set the IP address for the first DNS server.
142 Set the IP address for the first DNS server.
140
143
141 ##### `NET_DNS_2`=""
144 ##### `NET_DNS_2`=""
142 Set the IP address for the second DNS server.
145 Set the IP address for the second DNS server.
143
146
144 ##### `NET_DNS_DOMAINS`=""
147 ##### `NET_DNS_DOMAINS`=""
145 Set the default DNS search domains to use for non fully qualified hostnames.
148 Set the default DNS search domains to use for non fully qualified hostnames.
146
149
147 ##### `NET_NTP_1`=""
150 ##### `NET_NTP_1`=""
148 Set the IP address for the first NTP server.
151 Set the IP address for the first NTP server.
149
152
150 ##### `NET_NTP_2`=""
153 ##### `NET_NTP_2`=""
151 Set the IP address for the second NTP server.
154 Set the IP address for the second NTP server.
152
155
153 ---
156 ---
154
157
155 #### Basic system features:
158 #### Basic system features:
156 ##### `ENABLE_CONSOLE`=true
159 ##### `ENABLE_CONSOLE`=true
157 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
160 Enable serial console interface. Recommended if no monitor or keyboard is connected to the RPi2/3. In case of problems fe. if the network (auto) configuration failed - the serial console can be used to access the system. On RPI `0` `3` `3P` the CPU speed is locked at lowest speed.
158
161
159 ##### `ENABLE_PRINTK`=false
162 ##### `ENABLE_PRINTK`=false
160 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
163 Enables printing kernel messages to konsole. printk is `3 4 1 3` as in raspbian.
161
164
162 ##### `ENABLE_BLUETOOTH`=false
165 ##### `ENABLE_BLUETOOTH`=false
163 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
166 Enable onboard Bluetooth interface on the RPi0/3/3P. See: [Configuring the GPIO serial port on Raspbian jessie and stretch](https://spellfoundry.com/2016/05/29/configuring-gpio-serial-port-raspbian-jessie-including-pi-3/).
164
167
165 ##### `ENABLE_MINIUART_OVERLAY`=false
168 ##### `ENABLE_MINIUART_OVERLAY`=false
166 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
169 Enable Bluetooth to use this. Adds overlay to swap UART0 with UART1. Enabling (slower) Bluetooth and full speed serial console. - RPI `0` `3` `3P` have a fast `hardware UART0` (ttyAMA0) and a `mini UART1` (ttyS0)! RPI `1` `1P` `2` only have a `hardware UART0`. `UART0` is considered better, because is faster and more stable than `mini UART1`. By default the Bluetooth modem is mapped to the `hardware UART0` and `mini UART` is used for console. The `mini UART` is a problem for the serial console, because its baudrate depends on the CPU frequency, which is changing on runtime. Resulting in a volatile baudrate and thus in an unusable serial console.
167
170
168 ##### `ENABLE_TURBO`=false
171 ##### `ENABLE_TURBO`=false
169 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
172 Enable Turbo mode. This setting locks cpu at the highest frequency. As setting ENABLE_CONSOLE=true locks RPI to lowest CPU speed, this is can be used additionally to lock cpu hat max speed. Need a good power supply and probably cooling for the Raspberry PI.
170
173
171 ##### `ENABLE_I2C`=false
174 ##### `ENABLE_I2C`=false
172 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
175 Enable I2C interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
173
176
174 ##### `ENABLE_SPI`=false
177 ##### `ENABLE_SPI`=false
175 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
178 Enable SPI interface on the RPi 0/1/2/3. Please check the [RPi 0/1/2/3 pinout diagrams](https://elinux.org/RPi_Low-level_peripherals) to connect the right GPIO pins.
176
179
177 ##### `ENABLE_IPV6`=true
180 ##### `ENABLE_IPV6`=true
178 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
181 Enable IPv6 support. The network interface configuration is managed via systemd-networkd.
179
182
180 ##### `ENABLE_SSHD`=true
183 ##### `ENABLE_SSHD`=true
181 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
184 Install and enable OpenSSH service. The default configuration of the service doesn't allow `root` to login. Please use the user `pi` instead and `su -` or `sudo` to execute commands as root.
182
185
183 ##### `ENABLE_NONFREE`=false
186 ##### `ENABLE_NONFREE`=false
184 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
187 Allow the installation of non-free Debian packages that do not comply with the DFSG. This is required to install closed-source firmware binary blobs.
185
188
186 ##### `ENABLE_WIRELESS`=false
189 ##### `ENABLE_WIRELESS`=false
187 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
190 Download and install the [closed-source firmware binary blob](https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm) that is required to run the internal wireless interface of the Raspberry Pi model `3`. This parameter is ignored if the specified `RPI_MODEL` is not `3`.
188
191
189 ##### `ENABLE_RSYSLOG`=true
192 ##### `ENABLE_RSYSLOG`=true
190 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
193 If set to false, disable and uninstall rsyslog (so logs will be available only in journal files)
191
194
192 ##### `ENABLE_SOUND`=true
195 ##### `ENABLE_SOUND`=true
193 Enable sound hardware and install Advanced Linux Sound Architecture.
196 Enable sound hardware and install Advanced Linux Sound Architecture.
194
197
195 ##### `ENABLE_HWRANDOM`=true
198 ##### `ENABLE_HWRANDOM`=true
196 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
199 Enable Hardware Random Number Generator. Strong random numbers are important for most network-based communications that use encryption. It's recommended to be enabled.
197
200
198 ##### `ENABLE_MINGPU`=false
201 ##### `ENABLE_MINGPU`=false
199 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
202 Minimize the amount of shared memory reserved for the GPU. It doesn't seem to be possible to fully disable the GPU.
200
203
201 ##### `ENABLE_DBUS`=true
204 ##### `ENABLE_DBUS`=true
202 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
205 Install and enable D-Bus message bus. Please note that systemd should work without D-bus but it's recommended to be enabled.
203
206
204 ##### `ENABLE_XORG`=false
207 ##### `ENABLE_XORG`=false
205 Install Xorg open-source X Window System.
208 Install Xorg open-source X Window System.
206
209
207 ##### `ENABLE_WM`=""
210 ##### `ENABLE_WM`=""
208 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
211 Install a user-defined window manager for the X Window System. To make sure all X related package dependencies are getting installed `ENABLE_XORG` will automatically get enabled if `ENABLE_WM` is used. The `rpi23-gen-image.sh` script has been tested with the following list of window managers: `blackbox`, `openbox`, `fluxbox`, `jwm`, `dwm`, `xfce4`, `awesome`.
209
212
210 ##### `ENABLE_SYSVINIT`=false
213 ##### `ENABLE_SYSVINIT`=false
211 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
214 Support for halt,init,poweroff,reboot,runlevel,shutdown,telinit commands
212
215
213 ---
216 ---
214
217
215 #### Advanced system features:
218 #### Advanced system features:
216 ##### `ENABLE_SYSTEMDSWAP`=false
219 ##### `ENABLE_SYSTEMDSWAP`=false
217 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
220 Enables [Systemd-swap service](https://github.com/Nefelim4ag/systemd-swap). Usefull if `KERNEL_ZSWAP` is enabled.
218
221
219 ##### `ENABLE_MINBASE`=false
222 ##### `ENABLE_MINBASE`=false
220 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
223 Use debootstrap script variant `minbase` which only includes essential packages and apt. This will reduce the disk usage by about 65 MB.
221
224
222 ##### `ENABLE_REDUCE`=false
225 ##### `ENABLE_REDUCE`=false
223 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
226 Reduce the disk space usage by deleting packages and files. See `REDUCE_*` parameters for detailed information.
224
227
225 ##### `ENABLE_UBOOT`=false
228 ##### `ENABLE_UBOOT`=false
226 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
229 Replace the default RPi 0/1/2/3 second stage bootloader (bootcode.bin) with [U-Boot bootloader](https://git.denx.de/?p=u-boot.git;a=summary). U-Boot can boot images via the network using the BOOTP/TFTP protocol.
227
230
228 ##### `UBOOTSRC_DIR`=""
231 ##### `UBOOTSRC_DIR`=""
229 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
232 Path to a directory (`u-boot`) of [U-Boot bootloader sources](https://git.denx.de/?p=u-boot.git;a=summary) that will be copied, configured, build and installed inside the chroot.
230
233
231 ##### `ENABLE_FBTURBO`=false
234 ##### `ENABLE_FBTURBO`=false
232 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
235 Install and enable the [hardware accelerated Xorg video driver](https://github.com/ssvb/xf86-video-fbturbo) `fbturbo`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
233
236
234 ##### `FBTURBOSRC_DIR`=""
237 ##### `FBTURBOSRC_DIR`=""
235 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
238 Path to a directory (`xf86-video-fbturbo`) of [hardware accelerated Xorg video driver sources](https://github.com/ssvb/xf86-video-fbturbo) that will be copied, configured, build and installed inside the chroot.
236
239
237 ##### `ENABLE_VIDEOCORE`=false
240 ##### `ENABLE_VIDEOCORE`=false
238 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
241 Install and enable the [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) `vcgencmd`. Please note that this driver is currently limited to hardware accelerated window moving and scrolling.
239
242
240 ##### `VIDEOCORESRC_DIR`=""
243 ##### `VIDEOCORESRC_DIR`=""
241 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
244 Path to a directory (`userland`) of [ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
242
245
243 ##### `ENABLE_NEXMON`=false
246 ##### `ENABLE_NEXMON`=false
244 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
247 Install and enable the [Source code for a C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection](https://github.com/seemoo-lab/nexmon.git).
245
248
246 ##### `NEXMONSRC_DIR`=""
249 ##### `NEXMONSRC_DIR`=""
247 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
250 Path to a directory (`nexmon`) of [Source code for ARM side libraries for interfacing to Raspberry Pi GPU](https://github.com/raspberrypi/userland) that will be copied, configured, build and installed inside the chroot.
248
251
249 ##### `ENABLE_IPTABLES`=false
252 ##### `ENABLE_IPTABLES`=false
250 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
253 Enable iptables IPv4/IPv6 firewall. Simplified ruleset: Allow all outgoing connections. Block all incoming connections except to OpenSSH service.
251
254
252 ##### `ENABLE_USER`=true
255 ##### `ENABLE_USER`=true
253 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
256 Create non-root user with password `USER_PASSWORD`=raspberry. Unless overridden with `USER_NAME`=user, the username will be `pi`.
254
257
255 ##### `USER_NAME`=pi
258 ##### `USER_NAME`=pi
256 Non-root user to create. Ignored if `ENABLE_USER`=false
259 Non-root user to create. Ignored if `ENABLE_USER`=false
257
260
258 ##### `ENABLE_ROOT`=false
261 ##### `ENABLE_ROOT`=false
259 Set root user password so root login will be enabled
262 Set root user password so root login will be enabled
260
263
261 ##### `ENABLE_HARDNET`=false
264 ##### `ENABLE_HARDNET`=false
262 Enable IPv4/IPv6 network stack hardening settings.
265 Enable IPv4/IPv6 network stack hardening settings.
263
266
264 ##### `ENABLE_SPLITFS`=false
267 ##### `ENABLE_SPLITFS`=false
265 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
268 Enable having root partition on an USB drive by creating two image files: one for the `/boot/firmware` mount point, and another for `/`.
266
269
267 ##### `CHROOT_SCRIPTS`=""
270 ##### `CHROOT_SCRIPTS`=""
268 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
271 Path to a directory with scripts that should be run in the chroot before the image is finally built. Every executable file in this directory is run in lexicographical order.
269
272
270 ##### `ENABLE_INITRAMFS`=false
273 ##### `ENABLE_INITRAMFS`=false
271 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
274 Create an initramfs that that will be loaded during the Linux startup process. `ENABLE_INITRAMFS` will automatically get enabled if `ENABLE_CRYPTFS`=true. This parameter will be ignored if `BUILD_KERNEL`=false.
272
275
273 ##### `ENABLE_IFNAMES`=true
276 ##### `ENABLE_IFNAMES`=true
274 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
277 Enable automatic assignment of predictable, stable network interface names for all local Ethernet, WLAN interfaces. This might create complex and long interface names.
275
278
276 ##### `ENABLE_SPLASH`=true
279 ##### `ENABLE_SPLASH`=true
277 Enable default Raspberry Pi boot up rainbow splash screen.
280 Enable default Raspberry Pi boot up rainbow splash screen.
278
281
279 ##### `ENABLE_LOGO`=true
282 ##### `ENABLE_LOGO`=true
280 Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
283 Enable default Raspberry Pi console logo (image of four raspberries in the top left corner).
281
284
282 ##### `ENABLE_SILENT_BOOT`=false
285 ##### `ENABLE_SILENT_BOOT`=false
283 Set the verbosity of console messages shown during boot up to a strict minimum.
286 Set the verbosity of console messages shown during boot up to a strict minimum.
284
287
285 ##### `DISABLE_UNDERVOLT_WARNINGS`=
288 ##### `DISABLE_UNDERVOLT_WARNINGS`=
286 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
289 Disable RPi2/3 under-voltage warnings and overlays. Setting the parameter to `1` will disable the warning overlay. Setting it to `2` will additionally allow RPi2/3 turbo mode when low-voltage is present.
287
290
288 ---
291 ---
289
292
290 #### SSH settings:
293 #### SSH settings:
291 ##### `SSH_ENABLE_ROOT`=false
294 ##### `SSH_ENABLE_ROOT`=false
292 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
295 Enable password-based root login via SSH. This may be a security risk with the default password set, use only in trusted environments. `ENABLE_ROOT` must be set to `true`.
293
296
294 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
297 ##### `SSH_DISABLE_PASSWORD_AUTH`=false
295 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
298 Disable password-based SSH authentication. Only public key based SSH (v2) authentication will be supported.
296
299
297 ##### `SSH_LIMIT_USERS`=false
300 ##### `SSH_LIMIT_USERS`=false
298 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
301 Limit the users that are allowed to login via SSH. Only allow user `USER_NAME`=pi and root if `SSH_ENABLE_ROOT`=true to login. This parameter will be ignored if `dropbear` SSH is used (`REDUCE_SSHD`=true).
299
302
300 ##### `SSH_ROOT_PUB_KEY`=""
303 ##### `SSH_ROOT_PUB_KEY`=""
301 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
304 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `root`. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported. `ENABLE_ROOT` **and** `SSH_ENABLE_ROOT` must be set to `true`.
302
305
303 ##### `SSH_USER_PUB_KEY`=""
306 ##### `SSH_USER_PUB_KEY`=""
304 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
307 Add SSH (v2) public key(s) from specified file to `authorized_keys` file to enable public key based SSH (v2) authentication of user `USER_NAME`=pi. The specified file can also contain multiple SSH (v2) public keys. SSH protocol version 1 is not supported.
305
308
306 ---
309 ---
307
310
308 #### Kernel compilation:
311 #### Kernel compilation:
309 ##### `BUILD_KERNEL`=true
312 ##### `BUILD_KERNEL`=true
310 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
313 Build and install the latest RPi 0/1/2/3 Linux kernel. Currently only the default RPi 0/1/2/3 kernel configuration is used.
311
314
312 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
315 ##### `CROSS_COMPILE`="arm-linux-gnueabihf-"
313 This sets the cross-compile environment for the compiler.
316 This sets the cross-compile environment for the compiler.
314
317
315 ##### `KERNEL_ARCH`="arm"
318 ##### `KERNEL_ARCH`="arm"
316 This sets the kernel architecture for the compiler.
319 This sets the kernel architecture for the compiler.
317
320
318 ##### `KERNEL_IMAGE`="kernel7.img"
321 ##### `KERNEL_IMAGE`="kernel7.img"
319 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
322 Name of the image file in the boot partition. If not set, `KERNEL_IMAGE` will be set to "kernel8.img" automatically if building for arm64.
320
323
321 ##### `KERNEL_BRANCH`=""
324 ##### `KERNEL_BRANCH`=""
322 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
325 Name of the requested branch from the GIT location for the RPi Kernel. Default is using the current default branch from the GIT site.
323
326
324 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
327 ##### `QEMU_BINARY`="/usr/bin/qemu-arm-static"
325 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
328 Sets the QEMU enviornment for the Debian archive. If not set, `QEMU_BINARY` will be set to "/usr/bin/qemu-aarch64-static" automatically if building for arm64.
326
329
327 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
330 ##### `KERNEL_DEFCONFIG`="bcm2709_defconfig"
328 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
331 Sets the default config for kernel compiling. If not set, `KERNEL_DEFCONFIG` will be set to "bcmrpi3\_defconfig" automatically if building for arm64.
329
332
330 ##### `KERNEL_REDUCE`=false
333 ##### `KERNEL_REDUCE`=false
331 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
334 Reduce the size of the generated kernel by removing unwanted devices, network and filesystem drivers (experimental).
332
335
333 ##### `KERNEL_THREADS`=1
336 ##### `KERNEL_THREADS`=1
334 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
337 Number of parallel kernel building threads. If the parameter is left untouched the script will automatically determine the number of CPU cores to set the number of parallel threads to speed the kernel compilation.
335
338
336 ##### `KERNEL_HEADERS`=true
339 ##### `KERNEL_HEADERS`=true
337 Install kernel headers with the built kernel.
340 Install kernel headers with the built kernel.
338
341
339 ##### `KERNEL_MENUCONFIG`=false
342 ##### `KERNEL_MENUCONFIG`=false
340 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
343 Start `make menuconfig` interactive menu-driven kernel configuration. The script will continue after `make menuconfig` was terminated.
341
344
342 ##### `KERNEL_OLDDEFCONFIG`=false
345 ##### `KERNEL_OLDDEFCONFIG`=false
343 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
346 Run `make olddefconfig` to automatically set all new kernel configuration options to their recommended default values.
344
347
345 ##### `KERNEL_CCACHE`=false
348 ##### `KERNEL_CCACHE`=false
346 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
349 Compile the kernel using ccache. This speeds up kernel recompilation by caching previous compilations and detecting when the same compilation is being done again.
347
350
348 ##### `KERNEL_REMOVESRC`=true
351 ##### `KERNEL_REMOVESRC`=true
349 Remove all kernel sources from the generated OS image after it was built and installed.
352 Remove all kernel sources from the generated OS image after it was built and installed.
350
353
351 ##### `KERNELSRC_DIR`=""
354 ##### `KERNELSRC_DIR`=""
352 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
355 Path to a directory (`linux`) of [RaspberryPi Linux kernel sources](https://github.com/raspberrypi/linux) that will be copied, configured, build and installed inside the chroot.
353
356
354 ##### `KERNELSRC_CLEAN`=false
357 ##### `KERNELSRC_CLEAN`=false
355 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
358 Clean the existing kernel sources directory `KERNELSRC_DIR` (using `make mrproper`) after it was copied to the chroot and before the compilation of the kernel has started. This parameter will be ignored if no `KERNELSRC_DIR` was specified or if `KERNELSRC_PREBUILT`=true.
356
359
357 ##### `KERNELSRC_CONFIG`=true
360 ##### `KERNELSRC_CONFIG`=true
358 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
361 Run `make bcm2709_defconfig` (and optional `make menuconfig`) to configure the kernel sources before building. This parameter is automatically set to `true` if no existing kernel sources directory was specified using `KERNELSRC_DIR`. This parameter is ignored if `KERNELSRC_PREBUILT`=true.
359
362
360 ##### `KERNELSRC_USRCONFIG`=""
363 ##### `KERNELSRC_USRCONFIG`=""
361 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
364 Copy own config file to kernel `.config`. If `KERNEL_MENUCONFIG`=true then running after copy.
362
365
363 ##### `KERNELSRC_PREBUILT`=false
366 ##### `KERNELSRC_PREBUILT`=false
364 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
367 With this parameter set to true the script expects the existing kernel sources directory to be already successfully cross-compiled. The parameters `KERNELSRC_CLEAN`, `KERNELSRC_CONFIG`, `KERNELSRC_USRCONFIG` and `KERNEL_MENUCONFIG` are ignored and no kernel compilation tasks are performed.
365
368
366 ##### `RPI_FIRMWARE_DIR`=""
369 ##### `RPI_FIRMWARE_DIR`=""
367 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
370 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
368
371
369 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
372 ##### `KERNEL_DEFAULT_GOV`="ONDEMAND"
370 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
373 Set the default cpu governor at kernel compilation. Supported values are: PERFORMANCE POWERSAVE USERSPACE ONDEMAND CONSERVATIVE SCHEDUTIL
371
374
372 ##### `KERNEL_NF`=false
375 ##### `KERNEL_NF`=false
373 Enable Netfilter modules as kernel modules
376 Enable Netfilter modules as kernel modules
374
377
375 ##### `KERNEL_VIRT`=false
378 ##### `KERNEL_VIRT`=false
376 Enable Kernel KVM support (/dev/kvm)
379 Enable Kernel KVM support (/dev/kvm)
377
380
378 ##### `KERNEL_ZSWAP`=false
381 ##### `KERNEL_ZSWAP`=false
379 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
382 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
380
383
381 ##### `KERNEL_BPF`=true
384 ##### `KERNEL_BPF`=true
382 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
385 Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
383
386
384 ##### `KERNEL_SECURITY`=false
387 ##### `KERNEL_SECURITY`=false
385 Enables Apparmor, integrity subsystem, auditing
388 Enables Apparmor, integrity subsystem, auditing.
389
386 ---
390 ---
387
391
388 #### Reduce disk usage:
392 #### Reduce disk usage:
389 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
393 The following list of parameters is ignored if `ENABLE_REDUCE`=false.
390
394
391 ##### `REDUCE_APT`=true
395 ##### `REDUCE_APT`=true
392 Configure APT to use compressed package repository lists and no package caching files.
396 Configure APT to use compressed package repository lists and no package caching files.
393
397
394 ##### `REDUCE_DOC`=true
398 ##### `REDUCE_DOC`=true
395 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
399 Remove all doc files (harsh). Configure APT to not include doc files on future `apt-get` package installations.
396
400
397 ##### `REDUCE_MAN`=true
401 ##### `REDUCE_MAN`=true
398 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
402 Remove all man pages and info files (harsh). Configure APT to not include man pages on future `apt-get` package installations.
399
403
400 ##### `REDUCE_VIM`=false
404 ##### `REDUCE_VIM`=false
401 Replace `vim-tiny` package by `levee` a tiny vim clone.
405 Replace `vim-tiny` package by `levee` a tiny vim clone.
402
406
403 ##### `REDUCE_BASH`=false
407 ##### `REDUCE_BASH`=false
404 Remove `bash` package and switch to `dash` shell (experimental).
408 Remove `bash` package and switch to `dash` shell (experimental).
405
409
406 ##### `REDUCE_HWDB`=true
410 ##### `REDUCE_HWDB`=true
407 Remove PCI related hwdb files (experimental).
411 Remove PCI related hwdb files (experimental).
408
412
409 ##### `REDUCE_SSHD`=true
413 ##### `REDUCE_SSHD`=true
410 Replace `openssh-server` with `dropbear`.
414 Replace `openssh-server` with `dropbear`.
411
415
412 ##### `REDUCE_LOCALE`=true
416 ##### `REDUCE_LOCALE`=true
413 Remove all `locale` translation files.
417 Remove all `locale` translation files.
414
418
415 ---
419 ---
416
420
417 #### Encrypted root partition:
421 #### Encrypted root partition:
418 ##### `ENABLE_CRYPTFS`=false
422 ##### `ENABLE_CRYPTFS`=false
419 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
423 Enable full system encryption with dm-crypt. Setup a fully LUKS encrypted root partition (aes-xts-plain64:sha512) and generate required initramfs. The /boot directory will not be encrypted. This parameter will be ignored if `BUILD_KERNEL`=false. `ENABLE_CRYPTFS` is experimental. SSH-to-initramfs is currently not supported but will be soon - feel free to help.
420
424
421 ##### `CRYPTFS_PASSWORD`=""
425 ##### `CRYPTFS_PASSWORD`=""
422 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
426 Set password of the encrypted root partition. This parameter is mandatory if `ENABLE_CRYPTFS`=true.
423
427
424 ##### `CRYPTFS_MAPPING`="secure"
428 ##### `CRYPTFS_MAPPING`="secure"
425 Set name of dm-crypt managed device-mapper mapping.
429 Set name of dm-crypt managed device-mapper mapping.
426
430
427 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
431 ##### `CRYPTFS_CIPHER`="aes-xts-plain64:sha512"
428 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
432 Set cipher specification string. `aes-xts*` ciphers are strongly recommended.
429
433
430 ##### `CRYPTFS_XTSKEYSIZE`=512
434 ##### `CRYPTFS_XTSKEYSIZE`=512
431 Sets key size in bits. The argument has to be a multiple of 8.
435 Sets key size in bits. The argument has to be a multiple of 8.
432
436
433 ##### `CRYPTFS_DROPBEAR`=false
437 ##### `CRYPTFS_DROPBEAR`=false
434 Enable Dropbear Initramfs support
438 Enable Dropbear Initramfs support
435
439
436 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
440 ##### `CRYPTFS_DROPBEAR_PUBKEY`=""
437 Provide path to dropbear Public RSA-OpenSSH Key
441 Provide path to dropbear Public RSA-OpenSSH Key
438
442
439 ---
443 ---
440
444
441 #### Build settings:
445 #### Build settings:
442 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
446 ##### `BASEDIR`=$(pwd)/images/${RELEASE}
443 Set a path to a working directory used by the script to generate an image.
447 Set a path to a working directory used by the script to generate an image.
444
448
445 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
449 ##### `IMAGE_NAME`=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}
446 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
450 Set a filename for the output file(s). Note: the script will create $IMAGE_NAME.img if `ENABLE_SPLITFS`=false or $IMAGE_NAME-frmw.img and $IMAGE_NAME-root.img if `ENABLE_SPLITFS`=true. Note 2: If the KERNEL_BRANCH is not set, the word "CURRENT" is used.
447
451
448 ## Understanding the script
452 ## Understanding the script
449 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
453 The functions of this script that are required for the different stages of the bootstrapping are split up into single files located inside the `bootstrap.d` directory. During the bootstrapping every script in this directory gets executed in lexicographical order:
450
454
451 | Script | Description |
455 | Script | Description |
452 | --- | --- |
456 | --- | --- |
453 | `10-bootstrap.sh` | Debootstrap basic system |
457 | `10-bootstrap.sh` | Debootstrap basic system |
454 | `11-apt.sh` | Setup APT repositories |
458 | `11-apt.sh` | Setup APT repositories |
455 | `12-locale.sh` | Setup Locales and keyboard settings |
459 | `12-locale.sh` | Setup Locales and keyboard settings |
456 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
460 | `13-kernel.sh` | Build and install RPi 0/1/2/3 Kernel |
457 | `14-fstab.sh` | Setup fstab and initramfs |
461 | `14-fstab.sh` | Setup fstab and initramfs |
458 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
462 | `15-rpi-config.sh` | Setup RPi 0/1/2/3 config and cmdline |
459 | `20-networking.sh` | Setup Networking |
463 | `20-networking.sh` | Setup Networking |
460 | `21-firewall.sh` | Setup Firewall |
464 | `21-firewall.sh` | Setup Firewall |
461 | `30-security.sh` | Setup Users and Security settings |
465 | `30-security.sh` | Setup Users and Security settings |
462 | `31-logging.sh` | Setup Logging |
466 | `31-logging.sh` | Setup Logging |
463 | `32-sshd.sh` | Setup SSH and public keys |
467 | `32-sshd.sh` | Setup SSH and public keys |
464 | `41-uboot.sh` | Build and Setup U-Boot |
468 | `41-uboot.sh` | Build and Setup U-Boot |
465 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
469 | `42-fbturbo.sh` | Build and Setup fbturbo Xorg driver |
466 | `43-videocore.sh` | Build and Setup videocore libraries |
470 | `43-videocore.sh` | Build and Setup videocore libraries |
467 | `50-firstboot.sh` | First boot actions |
471 | `50-firstboot.sh` | First boot actions |
468 | `99-reduce.sh` | Reduce the disk space usage |
472 | `99-reduce.sh` | Reduce the disk space usage |
469
473
470 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
474 All the required configuration files that will be copied to the generated OS image are located inside the `files` directory. It is not recommended to modify these configuration files manually.
471
475
472 | Directory | Description |
476 | Directory | Description |
473 | --- | --- |
477 | --- | --- |
474 | `apt` | APT management configuration files |
478 | `apt` | APT management configuration files |
475 | `boot` | Boot and RPi 0/1/2/3 configuration files |
479 | `boot` | Boot and RPi 0/1/2/3 configuration files |
476 | `dpkg` | Package Manager configuration |
480 | `dpkg` | Package Manager configuration |
477 | `etc` | Configuration files and rc scripts |
481 | `etc` | Configuration files and rc scripts |
478 | `firstboot` | Scripts that get executed on first boot |
482 | `firstboot` | Scripts that get executed on first boot |
479 | `initramfs` | Initramfs scripts |
483 | `initramfs` | Initramfs scripts |
480 | `iptables` | Firewall configuration files |
484 | `iptables` | Firewall configuration files |
481 | `locales` | Locales configuration |
485 | `locales` | Locales configuration |
482 | `modules` | Kernel Modules configuration |
486 | `modules` | Kernel Modules configuration |
483 | `mount` | Fstab configuration |
487 | `mount` | Fstab configuration |
484 | `network` | Networking configuration files |
488 | `network` | Networking configuration files |
485 | `sysctl.d` | Swapping and Network Hardening configuration |
489 | `sysctl.d` | Swapping and Network Hardening configuration |
486 | `xorg` | fbturbo Xorg driver configuration |
490 | `xorg` | fbturbo Xorg driver configuration |
487
491
488 ## Custom packages and scripts
492 ## Custom packages and scripts
489 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
493 Debian custom packages, i.e. those not in the debian repositories, can be installed by placing them in the `packages` directory. They are installed immediately after packages from the repositories are installed. Any dependencies listed in the custom packages will be downloaded automatically from the repositories. Do not list these custom packages in `APT_INCLUDES`.
490
494
491 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
495 Scripts in the custom.d directory will be executed after all other installation is complete but before the image is created.
492
496
493 ## Logging of the bootstrapping process
497 ## Logging of the bootstrapping process
494 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
498 All information related to the bootstrapping process and the commands executed by the `rpi23-gen-image.sh` script can easily be saved into a logfile. The common shell command `script` can be used for this purpose:
495
499
496 ```shell
500 ```shell
497 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
501 script -c 'APT_SERVER=ftp.de.debian.org ./rpi23-gen-image.sh' ./build.log
498 ```
502 ```
499
503
500 ## Flashing the image file
504 ## Flashing the image file
501 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
505 After the image file was successfully created by the `rpi23-gen-image.sh` script it can be copied to the microSD card that will be used by the RPi 0/1/2/3 computer. This can be performed by using the tools `bmaptool` or `dd`. Using `bmaptool` will probably speed-up the copy process because `bmaptool` copies more wisely than `dd`.
502
506
503 ##### Flashing examples:
507 ##### Flashing examples:
504 ```shell
508 ```shell
505 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
509 bmaptool copy ./images/buster/2017-01-23-rpi3-buster.img /dev/mmcblk0
506 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
510 dd bs=4M if=./images/buster/2017-01-23-rpi3-buster.img of=/dev/mmcblk0
507 ```
511 ```
508 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
512 If you have set `ENABLE_SPLITFS`, copy the `-frmw` image on the microSD card, then the `-root` one on the USB drive:
509 ```shell
513 ```shell
510 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
514 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-frmw.img /dev/mmcblk0
511 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
515 bmaptool copy ./images/buster/2017-01-23-rpi3-buster-root.img /dev/sdc
512 ```
516 ```
513
517
514 ## QEMU emulation
518 ## QEMU emulation
515 Start QEMU full system emulation:
519 Start QEMU full system emulation:
516 ```shell
520 ```shell
517 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
521 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=tty1"
518 ```
522 ```
519
523
520 Start QEMU full system emulation and output to console:
524 Start QEMU full system emulation and output to console:
521 ```shell
525 ```shell
522 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
526 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
523 ```
527 ```
524
528
525 Start QEMU full system emulation with SMP and output to console:
529 Start QEMU full system emulation with SMP and output to console:
526 ```shell
530 ```shell
527 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
531 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -smp cpus=2,maxcpus=2 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -append "root=/dev/mmcblk0p2 rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
528 ```
532 ```
529
533
530 Start QEMU full system emulation with cryptfs, initramfs and output to console:
534 Start QEMU full system emulation with cryptfs, initramfs and output to console:
531 ```shell
535 ```shell
532 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
536 qemu-system-arm -m 2048M -M vexpress-a15 -cpu cortex-a15 -kernel kernel7.img -no-reboot -dtb vexpress-v2p-ca15_a7.dtb -sd ${IMAGE_NAME}.qcow2 -initrd "initramfs-${KERNEL_VERSION}" -append "root=/dev/mapper/secure cryptdevice=/dev/mmcblk0p2:secure rw rootfstype=ext4 console=ttyAMA0,115200 init=/bin/systemd" -serial stdio
533 ```
537 ```
534
538
535 ## External links and references
539 ## External links and references
536 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
540 * [Debian worldwide mirror sites](https://www.debian.org/mirror/list)
537 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
541 * [Debian Raspberry Pi 2 Wiki](https://wiki.debian.org/RaspberryPi2)
538 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
542 * [Debian CrossToolchains Wiki](https://wiki.debian.org/CrossToolchains)
539 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
543 * [Official Raspberry Pi Firmware on github](https://github.com/raspberrypi/firmware)
540 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
544 * [Official Raspberry Pi Kernel on github](https://github.com/raspberrypi/linux)
541 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
545 * [U-BOOT git repository](https://git.denx.de/?p=u-boot.git;a=summary)
542 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
546 * [Xorg DDX driver fbturbo](https://github.com/ssvb/xf86-video-fbturbo)
543 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm80211/brcm)
547 * [RPi3 Wireless interface firmware](https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm)
544 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
548 * [Collabora RPi2 Kernel precompiled](https://repositories.collabora.co.uk/debian/)
@@ -1,66 +1,66
1 #
1 #
2 # Setup Locales and keyboard settings
2 # Setup Locales and keyboard settings
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Install and setup timezone
8 # Install and setup timezone
9 echo "${TIMEZONE}" > "${ETC_DIR}/timezone"
9 echo "${TIMEZONE}" > "${ETC_DIR}/timezone"
10 if [ -f "${ETC_DIR}/localtime" ]; then
10 if [ -f "${ETC_DIR}/localtime" ]; then
11 # 1. If 11-apt.sh upgrades the package 'tzdata', '/etc/localtime' was created
11 # 1. If 11-apt.sh upgrades the package 'tzdata', '/etc/localtime' was created
12 # because 'dpkg-reconfigure -f noninteractive tzdata' was executed by apt-get.
12 # because 'dpkg-reconfigure -f noninteractive tzdata' was executed by apt-get.
13 # 2. If '/etc/localtime' exists, our execution of 'dpkg-reconfigure -f noninteractive tzdata'
13 # 2. If '/etc/localtime' exists, our execution of 'dpkg-reconfigure -f noninteractive tzdata'
14 # will ignore the our timezone set in '/etc/timezone'.
14 # will ignore the our timezone set in '/etc/timezone'.
15 # 3. Removing /etc/localtime will solve this.
15 # 3. Removing /etc/localtime will solve this.
16 rm -f "${ETC_DIR}/localtime"
16 rm -f "${ETC_DIR}/localtime"
17 fi
17 fi
18 chroot_exec dpkg-reconfigure -f noninteractive tzdata
18 chroot_exec dpkg-reconfigure -f noninteractive tzdata
19
19
20 # Install and setup default locale and keyboard configuration
20 # Install and setup default locale and keyboard configuration
21 if [ "$(echo "$APT_INCLUDES" | grep ",locales")" ] ; then
21 if [ "$(echo "$APT_INCLUDES" | grep ",locales")" ] ; then
22 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
22 # Set locale choice in debconf db, even though dpkg-reconfigure ignores and overwrites them due to some bug
23 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
23 # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685957
24 # ... so we have to set locales manually
24 # ... so we have to set locales manually
25 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
25 if [ "$DEFLOCAL" = "en_US.UTF-8" ] ; then
26 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8" | debconf-set-selections
26 chroot_exec echo "locales locales/locales_to_be_generated multiselect ${DEFLOCAL} UTF-8 | debconf-set-selections"
27 else
27 else
28 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
28 # en_US.UTF-8 should be available anyway : https://www.debian.org/doc/manuals/debian-reference/ch08.en.html#_the_reconfiguration_of_the_locale
29 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8" | debconf-set-selections
29 chroot_exec echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, ${DEFLOCAL} UTF-8 | debconf-set-selections"
30 sed -i "/en_US.UTF-8/s/^#//" "${ETC_DIR}/locale.gen"
30 sed -i "/en_US.UTF-8/s/^#//" "${ETC_DIR}/locale.gen"
31 fi
31 fi
32
32
33 sed -i "/${DEFLOCAL}/s/^#//" "${ETC_DIR}/locale.gen"
33 sed -i "/${DEFLOCAL}/s/^#//" "${ETC_DIR}/locale.gen"
34 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL}" | debconf-set-selections
34 chroot_exec echo "locales locales/default_environment_locale select ${DEFLOCAL} | debconf-set-selections"
35 chroot_exec locale-gen
35 chroot_exec locale-gen
36 chroot_exec update-locale LANG="${DEFLOCAL}"
36 chroot_exec update-locale LANG="${DEFLOCAL}"
37
37
38 # Install and setup default keyboard configuration
38 # Install and setup default keyboard configuration
39 if [ "$XKB_MODEL" != "" ] ; then
39 if [ "$XKB_MODEL" != "" ] ; then
40 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETC_DIR}/default/keyboard"
40 sed -i "s/^XKBMODEL.*/XKBMODEL=\"${XKB_MODEL}\"/" "${ETC_DIR}/default/keyboard"
41 fi
41 fi
42 if [ "$XKB_LAYOUT" != "" ] ; then
42 if [ "$XKB_LAYOUT" != "" ] ; then
43 sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETC_DIR}/default/keyboard"
43 sed -i "s/^XKBLAYOUT.*/XKBLAYOUT=\"${XKB_LAYOUT}\"/" "${ETC_DIR}/default/keyboard"
44 fi
44 fi
45 if [ "$XKB_VARIANT" != "" ] ; then
45 if [ "$XKB_VARIANT" != "" ] ; then
46 sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETC_DIR}/default/keyboard"
46 sed -i "s/^XKBVARIANT.*/XKBVARIANT=\"${XKB_VARIANT}\"/" "${ETC_DIR}/default/keyboard"
47 fi
47 fi
48 if [ "$XKB_OPTIONS" != "" ] ; then
48 if [ "$XKB_OPTIONS" != "" ] ; then
49 sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETC_DIR}/default/keyboard"
49 sed -i "s/^XKBOPTIONS.*/XKBOPTIONS=\"${XKB_OPTIONS}\"/" "${ETC_DIR}/default/keyboard"
50 fi
50 fi
51 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
51 chroot_exec dpkg-reconfigure -f noninteractive keyboard-configuration
52
52
53 # Install and setup font console
53 # Install and setup font console
54 case "${DEFLOCAL}" in
54 case "${DEFLOCAL}" in
55 *UTF-8)
55 *UTF-8)
56 sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETC_DIR}/default/console-setup"
56 sed -i 's/^CHARMAP.*/CHARMAP="UTF-8"/' "${ETC_DIR}/default/console-setup"
57 ;;
57 ;;
58 *)
58 *)
59 sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "${ETC_DIR}/default/console-setup"
59 sed -i 's/^CHARMAP.*/CHARMAP="guess"/' "${ETC_DIR}/default/console-setup"
60 ;;
60 ;;
61 esac
61 esac
62 chroot_exec dpkg-reconfigure -f noninteractive console-setup
62 chroot_exec dpkg-reconfigure -f noninteractive console-setup
63 else # (no locales were installed)
63 else # (no locales were installed)
64 # Install POSIX default locale
64 # Install POSIX default locale
65 install_readonly files/locales/locale "${ETC_DIR}/default/locale"
65 install_readonly files/locales/locale "${ETC_DIR}/default/locale"
66 fi
66 fi
@@ -1,642 +1,650
1 #
1 #
2 # Build and Setup RPi2/3 Kernel
2 # Build and Setup RPi2/3 Kernel
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Need to use kali kernel src if nexmon is enabled
8 # Need to use kali kernel src if nexmon is enabled
9 if [ "$ENABLE_NEXMON" = true ] ; then
9 if [ "$ENABLE_NEXMON" = true ] ; then
10 KERNEL_URL="${KALI_KERNEL_URL}"
10 KERNEL_URL="${KALI_KERNEL_URL}"
11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
11 # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel
12 KERNEL_BRANCH=""
12 KERNEL_BRANCH=""
13 KERNELSRC_DIR=""
13 KERNELSRC_DIR=""
14 fi
14 fi
15
15
16 # Fetch and build latest raspberry kernel
16 # Fetch and build latest raspberry kernel
17 if [ "$BUILD_KERNEL" = true ] ; then
17 if [ "$BUILD_KERNEL" = true ] ; then
18 # Setup source directory
18 # Setup source directory
19 mkdir -p "${KERNEL_DIR}"
19 mkdir -p "${KERNEL_DIR}"
20
20
21 # Copy existing kernel sources into chroot directory
21 # Copy existing kernel sources into chroot directory
22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
22 if [ -n "$KERNELSRC_DIR" ] && [ -d "$KERNELSRC_DIR" ] ; then
23 # Copy kernel sources and include hidden files
23 # Copy kernel sources and include hidden files
24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
24 cp -r "${KERNELSRC_DIR}/". "${KERNEL_DIR}"
25
25
26 # Clean the kernel sources
26 # Clean the kernel sources
27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
27 if [ "$KERNELSRC_CLEAN" = true ] && [ "$KERNELSRC_PREBUILT" = false ] ; then
28 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
28 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" mrproper
29 fi
29 fi
30 else # KERNELSRC_DIR=""
30 else # KERNELSRC_DIR=""
31 # Create temporary directory for kernel sources
31 # Create temporary directory for kernel sources
32 temp_dir=$(as_nobody mktemp -d)
32 temp_dir=$(as_nobody mktemp -d)
33
33
34 # Fetch current RPi2/3 kernel sources
34 # Fetch current RPi2/3 kernel sources
35 if [ -z "${KERNEL_BRANCH}" ] ; then
35 if [ -z "${KERNEL_BRANCH}" ] ; then
36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
36 as_nobody -H git -C "${temp_dir}" clone --depth=1 "${KERNEL_URL}" linux
37 else
37 else
38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
38 as_nobody -H git -C "${temp_dir}" clone --depth=1 --branch "${KERNEL_BRANCH}" "${KERNEL_URL}" linux
39 fi
39 fi
40
40
41 # Copy downloaded kernel sources
41 # Copy downloaded kernel sources
42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
42 cp -r "${temp_dir}/linux/"* "${KERNEL_DIR}"
43
43
44 # Remove temporary directory for kernel sources
44 # Remove temporary directory for kernel sources
45 rm -fr "${temp_dir}"
45 rm -fr "${temp_dir}"
46
46
47 # Set permissions of the kernel sources
47 # Set permissions of the kernel sources
48 chown -R root:root "${R}/usr/src"
48 chown -R root:root "${R}/usr/src"
49 fi
49 fi
50
50
51 # Calculate optimal number of kernel building threads
51 # Calculate optimal number of kernel building threads
52 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
52 if [ "$KERNEL_THREADS" = "1" ] && [ -r /proc/cpuinfo ] ; then
53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
53 KERNEL_THREADS=$(grep -c processor /proc/cpuinfo)
54 fi
54 fi
55
55
56 # Configure and build kernel
56 # Configure and build kernel
57 if [ "$KERNELSRC_PREBUILT" = false ] ; then
57 if [ "$KERNELSRC_PREBUILT" = false ] ; then
58 # Remove device, network and filesystem drivers from kernel configuration
58 # Remove device, network and filesystem drivers from kernel configuration
59 if [ "$KERNEL_REDUCE" = true ] ; then
59 if [ "$KERNEL_REDUCE" = true ] ; then
60 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
60 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
61 sed -i\
61 sed -i\
62 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
62 -e "s/\(^CONFIG_SND.*\=\).*/\1n/"\
63 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
63 -e "s/\(^CONFIG_SOUND.*\=\).*/\1n/"\
64 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
64 -e "s/\(^CONFIG_AC97.*\=\).*/\1n/"\
65 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
65 -e "s/\(^CONFIG_VIDEO_.*\=\).*/\1n/"\
66 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
66 -e "s/\(^CONFIG_MEDIA_TUNER.*\=\).*/\1n/"\
67 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
67 -e "s/\(^CONFIG_DVB.*\=\)[ym]/\1n/"\
68 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
68 -e "s/\(^CONFIG_REISERFS.*\=\).*/\1n/"\
69 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
69 -e "s/\(^CONFIG_JFS.*\=\).*/\1n/"\
70 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
70 -e "s/\(^CONFIG_XFS.*\=\).*/\1n/"\
71 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
71 -e "s/\(^CONFIG_GFS2.*\=\).*/\1n/"\
72 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
72 -e "s/\(^CONFIG_OCFS2.*\=\).*/\1n/"\
73 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
73 -e "s/\(^CONFIG_BTRFS.*\=\).*/\1n/"\
74 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
74 -e "s/\(^CONFIG_HFS.*\=\).*/\1n/"\
75 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
75 -e "s/\(^CONFIG_JFFS2.*\=\)[ym]/\1n/"\
76 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
76 -e "s/\(^CONFIG_UBIFS.*\=\).*/\1n/"\
77 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
77 -e "s/\(^CONFIG_SQUASHFS.*\=\)[ym]/\1n/"\
78 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
78 -e "s/\(^CONFIG_W1.*\=\)[ym]/\1n/"\
79 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
79 -e "s/\(^CONFIG_HAMRADIO.*\=\).*/\1n/"\
80 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
80 -e "s/\(^CONFIG_CAN.*\=\).*/\1n/"\
81 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
81 -e "s/\(^CONFIG_IRDA.*\=\).*/\1n/"\
82 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
82 -e "s/\(^CONFIG_BT_.*\=\).*/\1n/"\
83 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
83 -e "s/\(^CONFIG_WIMAX.*\=\)[ym]/\1n/"\
84 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
84 -e "s/\(^CONFIG_6LOWPAN.*\=\).*/\1n/"\
85 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
85 -e "s/\(^CONFIG_IEEE802154.*\=\).*/\1n/"\
86 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
86 -e "s/\(^CONFIG_NFC.*\=\).*/\1n/"\
87 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
87 -e "s/\(^CONFIG_FB_TFT=.*\=\).*/\1n/"\
88 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
88 -e "s/\(^CONFIG_TOUCHSCREEN.*\=\).*/\1n/"\
89 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
89 -e "s/\(^CONFIG_USB_GSPCA_.*\=\).*/\1n/"\
90 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
90 -e "s/\(^CONFIG_DRM.*\=\).*/\1n/"\
91 "${KERNEL_DIR}/.config"
91 "${KERNEL_DIR}/.config"
92 fi
92 fi
93
93
94 if [ "$KERNELSRC_CONFIG" = true ] ; then
94 if [ "$KERNELSRC_CONFIG" = true ] ; then
95 # Load default raspberry kernel configuration
95 # Load default raspberry kernel configuration
96 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
96 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}"
97
97
98 #Switch to KERNELSRC_DIR so we can use set_kernel_config
98 #Switch to KERNELSRC_DIR so we can use set_kernel_config
99 cd "${KERNEL_DIR}" || exit
99 cd "${KERNEL_DIR}" || exit
100
100
101 if [ "$KERNEL_ARCH" = arm64 ] ; then
101 if [ "$KERNEL_ARCH" = arm64 ] ; then
102 #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
102 #Fix SD_DRIVER upstream and downstream mess in 64bit RPIdeb_config
103 # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
103 # use correct driver MMC_BCM2835_MMC instead of MMC_BCM2835_SDHOST - see https://www.raspberrypi.org/forums/viewtopic.php?t=210225
104 set_kernel_config CONFIG_MMC_BCM2835 n
104 set_kernel_config CONFIG_MMC_BCM2835 n
105 set_kernel_config CONFIG_MMC_SDHCI_IPROC n
105 set_kernel_config CONFIG_MMC_SDHCI_IPROC n
106 set_kernel_config CONFIG_USB_DWC2 n
106 set_kernel_config CONFIG_USB_DWC2 n
107 sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
107 sed -i "s|depends on MMC_BCM2835_MMC && MMC_BCM2835_DMA|depends on MMC_BCM2835_MMC|" "${KERNEL_DIR}"/drivers/mmc/host/Kconfig
108
108
109 #VLAN got disabled without reason in arm64bit
109 #VLAN got disabled without reason in arm64bit
110 set_kernel_config CONFIG_IPVLAN m
110 set_kernel_config CONFIG_IPVLAN m
111
111
112 #V4L2 sub-device userspace API
112 #V4L2 sub-device userspace API
113 #set_kernel_config CONFIG_VIDEO_V4L2_SUBDEV_API y
113 #set_kernel_config CONFIG_VIDEO_V4L2_SUBDEV_API y
114 #VIDEO_MUX y
114 #VIDEO_MUX y
115 #VIDEO_XILINX n
115 #VIDEO_XILINX n
116 #VIDEO_XILINX_TPG n
116 #VIDEO_XILINX_TPG n
117 #VIDEO_ADV7180 m
117 #VIDEO_ADV7180 m
118
118
119 # GPIO-based bitbanging SPI Master
119 # GPIO-based bitbanging SPI Master
120 set_kernel_config CONFIG_SPI_GPIO m
120 set_kernel_config CONFIG_SPI_GPIO m
121 #SPI Slave protocol
121 #SPI Slave protocol
122 set_kernel_config CONFIG_SPI_SLAVE y
122 set_kernel_config CONFIG_SPI_SLAVE y
123 set_kernel_config CONFIG_SPI_SLAVE_TIME m
123 set_kernel_config CONFIG_SPI_SLAVE_TIME m
124 set_kernel_config CONFIG_SPI_SLAVE_SYSTEM_CONTROL m
124 set_kernel_config CONFIG_SPI_SLAVE_SYSTEM_CONTROL m
125
125
126 # Virtual (secure) IP: tunneling
126 # Virtual (secure) IP: tunneling
127 set_kernel_config CONFIG_NET_IPVTI m
127 set_kernel_config CONFIG_NET_IPVTI m
128
128
129 #Wlan driver debug info
129 #Wlan driver debug info
130 set_kernel_config CONFIG_BRCMDBG m
130 set_kernel_config CONFIG_BRCMDBG m
131
131
132 #GPIO WATCHDOG
132 #GPIO WATCHDOG
133 set_kernel_config CONFIG_GPIO_WATCHDOG m
133 set_kernel_config CONFIG_GPIO_WATCHDOG m
134
134
135 #Camera
135 #Camera
136 set_kernel_config VIDEO_BCM2835 m
136 set_kernel_config VIDEO_BCM2835 m
137 set_kernel_config VIDEO_BCM2835_UNICAM m
137 set_kernel_config VIDEO_BCM2835_UNICAM m
138 fi
138 fi
139
139
140 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
140 # enable ZSWAP see https://askubuntu.com/a/472227 or https://wiki.archlinux.org/index.php/zswap
141 if [ "$KERNEL_ZSWAP" = true ] ; then
141 if [ "$KERNEL_ZSWAP" = true ] ; then
142 set_kernel_config CONFIG_ZPOOL y
142 set_kernel_config CONFIG_ZPOOL y
143 set_kernel_config CONFIG_ZSWAP y
143 set_kernel_config CONFIG_ZSWAP y
144 set_kernel_config CONFIG_ZBUD y
144 set_kernel_config CONFIG_ZBUD y
145 set_kernel_config CONFIG_Z3FOLD y
145 set_kernel_config CONFIG_Z3FOLD y
146 set_kernel_config CONFIG_ZSMALLOC y
146 set_kernel_config CONFIG_ZSMALLOC y
147 set_kernel_config CONFIG_PGTABLE_MAPPING y
147 set_kernel_config CONFIG_PGTABLE_MAPPING y
148 set_kernel_config CONFIG_LZO_COMPRESS y
148 set_kernel_config CONFIG_LZO_COMPRESS y
149
149
150 fi
150 fi
151
151
152 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
152 # enable basic KVM support; see https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=210546&start=25#p1300453
153 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
153 if [ "$KERNEL_VIRT" = true ] && { [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
154 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
154 set_kernel_config CONFIG_HAVE_KVM_IRQCHIP y
155 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
155 set_kernel_config CONFIG_HAVE_KVM_ARCH_TLB_FLUSH_ALL y
156 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
156 set_kernel_config CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT y
157 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
157 set_kernel_config CONFIG_HAVE_KVM_EVENTFD y
158 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
158 set_kernel_config CONFIG_HAVE_KVM_IRQFD y
159 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
159 set_kernel_config CONFIG_HAVE_KVM_IRQ_ROUTING y
160 set_kernel_config CONFIG_HAVE_KVM_MSI y
160 set_kernel_config CONFIG_HAVE_KVM_MSI y
161 set_kernel_config CONFIG_KVM y
161 set_kernel_config CONFIG_KVM y
162 set_kernel_config CONFIG_KVM_ARM_HOST y
162 set_kernel_config CONFIG_KVM_ARM_HOST y
163 set_kernel_config CONFIG_KVM_ARM_PMU y
163 set_kernel_config CONFIG_KVM_ARM_PMU y
164 set_kernel_config CONFIG_KVM_COMPAT y
164 set_kernel_config CONFIG_KVM_COMPAT y
165 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
165 set_kernel_config CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT y
166 set_kernel_config CONFIG_KVM_MMIO y
166 set_kernel_config CONFIG_KVM_MMIO y
167 set_kernel_config CONFIG_KVM_VFIO y
167 set_kernel_config CONFIG_KVM_VFIO y
168 set_kernel_config CONFIG_VHOST m
168 set_kernel_config CONFIG_VHOST m
169 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
169 set_kernel_config CONFIG_VHOST_CROSS_ENDIAN_LEGACY y
170 set_kernel_config CONFIG_VHOST_NET m
170 set_kernel_config CONFIG_VHOST_NET m
171 set_kernel_config CONFIG_VIRTUALIZATION y
171 set_kernel_config CONFIG_VIRTUALIZATION y
172
172
173 set_kernel_config CONFIG_MMU_NOTIFIER y
173 set_kernel_config CONFIG_MMU_NOTIFIER y
174
174
175 # erratum
175 # erratum
176 set_kernel_config ARM64_ERRATUM_834220 y
176 set_kernel_config ARM64_ERRATUM_834220 y
177
177
178 # https://sourceforge.net/p/kvm/mailman/message/18440797/
178 # https://sourceforge.net/p/kvm/mailman/message/18440797/
179 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
179 set_kernel_config CONFIG_PREEMPT_NOTIFIERS y
180 fi
180 fi
181
181
182 # enable apparmor,integrity audit,
182 # enable apparmor,integrity audit,
183 if [ "$KERNEL_SECURITY" = true ] ; then
183 if [ "$KERNEL_SECURITY" = true ] ; then
184
184
185 # security filesystem, security models and audit
185 # security filesystem, security models and audit
186 set_kernel_config CONFIG_SECURITYFS y
186 set_kernel_config CONFIG_SECURITYFS y
187 set_kernel_config CONFIG_SECURITY y
187 set_kernel_config CONFIG_SECURITY y
188 set_kernel_config CONFIG_AUDIT y
188 set_kernel_config CONFIG_AUDIT y
189
189
190 # harden strcpy and memcpy
190 # harden strcpy and memcpy
191 set_kernel_config CONFIG_HARDENED_USERCOPY y
191 set_kernel_config CONFIG_HARDENED_USERCOPY y
192 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y
192 set_kernel_config CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR y
193 set_kernel_config CONFIG_FORTIFY_SOURCE y
193 set_kernel_config CONFIG_FORTIFY_SOURCE y
194
194
195 # integrity sub-system
195 # integrity sub-system
196 set_kernel_config CONFIG_INTEGRITY y
196 set_kernel_config CONFIG_INTEGRITY y
197 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y
197 set_kernel_config CONFIG_INTEGRITY_ASYMMETRIC_KEYS y
198 set_kernel_config CONFIG_INTEGRITY_AUDIT y
198 set_kernel_config CONFIG_INTEGRITY_AUDIT y
199 set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
199 set_kernel_config CONFIG_INTEGRITY_SIGNATURE y
200 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y
200 set_kernel_config CONFIG_INTEGRITY_TRUSTED_KEYRING y
201
201
202 # This option provides support for retaining authentication tokens and access keys in the kernel.
202 # This option provides support for retaining authentication tokens and access keys in the kernel.
203 set_kernel_config CONFIG_KEYS y
203 set_kernel_config CONFIG_KEYS y
204 set_kernel_config CONFIG_KEYS_COMPAT y
204 set_kernel_config CONFIG_KEYS_COMPAT y
205
205
206 # Apparmor
206 # Apparmor
207 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
207 set_kernel_config CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE 0
208 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
208 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH_DEFAULT y
209 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
209 set_kernel_config CONFIG_DEFAULT_SECURITY_APPARMOR y
210 set_kernel_config CONFIG_SECURITY_APPARMOR y
210 set_kernel_config CONFIG_SECURITY_APPARMOR y
211 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
211 set_kernel_config CONFIG_SECURITY_APPARMOR_HASH y
212 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
212 set_kernel_config CONFIG_DEFAULT_SECURITY "apparmor"
213
213
214 # restrictions on unprivileged users reading the kernel
214 # restrictions on unprivileged users reading the kernel
215 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y
215 set_kernel_config CONFIG_SECURITY_DMESG_RESTRICT y
216
216
217 # network security hooks
217 # network security hooks
218 set_kernel_config CONFIG_SECURITY_NETWORK y
218 set_kernel_config CONFIG_SECURITY_NETWORK y
219 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
219 set_kernel_config CONFIG_SECURITY_NETWORK_XFRM y
220 set_kernel_config CONFIG_SECURITY_PATH y
220 set_kernel_config CONFIG_SECURITY_PATH y
221 set_kernel_config CONFIG_SECURITY_YAMA n
221 set_kernel_config CONFIG_SECURITY_YAMA n
222
222
223 # New Options
223 # New Options
224 if [ "$KERNEL_NF" = true ] ; then
224 if [ "$KERNEL_NF" = true ] ; then
225 set_kernel_config CONFIG_IP_NF_SECURITY m
225 set_kernel_config CONFIG_IP_NF_SECURITY m
226 set_kernel_config CONFIG_NETLABEL y
226 set_kernel_config CONFIG_NETLABEL y
227 set_kernel_config CONFIG_IP6_NF_SECURITY m
227 set_kernel_config CONFIG_IP6_NF_SECURITY m
228 fi
228 fi
229 set_kernel_config CONFIG_SECURITY_SELINUX n
229 set_kernel_config CONFIG_SECURITY_SELINUX n
230 set_kernel_config CONFIG_SECURITY_SMACK n
230 set_kernel_config CONFIG_SECURITY_SMACK n
231 set_kernel_config CONFIG_SECURITY_TOMOYO n
231 set_kernel_config CONFIG_SECURITY_TOMOYO n
232 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
232 set_kernel_config CONFIG_SECURITY_APPARMOR_DEBUG n
233 set_kernel_config CONFIG_SECURITY_LOADPIN n
233 set_kernel_config CONFIG_SECURITY_LOADPIN n
234 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
234 set_kernel_config CONFIG_HARDENED_USERCOPY_PAGESPAN n
235 set_kernel_config CONFIG_IMA n
235 set_kernel_config CONFIG_IMA n
236 set_kernel_config CONFIG_EVM n
236 set_kernel_config CONFIG_EVM n
237 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
237 set_kernel_config CONFIG_FANOTIFY_ACCESS_PERMISSIONS y
238 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
238 set_kernel_config CONFIG_NFSD_V4_SECURITY_LABEL y
239 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
239 set_kernel_config CONFIG_PKCS7_MESSAGE_PARSER y
240 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
240 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYRING y
241 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y
241 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS y
242 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
242 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE y
243 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
243 set_kernel_config CONFIG_SECONDARY_TRUSTED_KEYRING y
244 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
244 set_kernel_config CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY n
245 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
245 set_kernel_config CONFIG_SYSTEM_TRUSTED_KEYS m
246 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
246 set_kernel_config CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE 4096
247
247
248 set_kernel_config CONFIG_ARM64_CRYPTO y
248 set_kernel_config CONFIG_ARM64_CRYPTO y
249 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
249 set_kernel_config CONFIG_CRYPTO_SHA256_ARM64 m
250 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
250 set_kernel_config CONFIG_CRYPTO_SHA512_ARM64 m
251 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
251 set_kernel_config CONFIG_CRYPTO_SHA1_ARM64_CE m
252 set_kernel_config CRYPTO_GHASH_ARM64_CE m
252 set_kernel_config CRYPTO_GHASH_ARM64_CE m
253 set_kernel_config CRYPTO_SHA2_ARM64_CE m
253 set_kernel_config CRYPTO_SHA2_ARM64_CE m
254 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
254 set_kernel_config CONFIG_CRYPTO_CRCT10DIF_ARM64_CE m
255 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
255 set_kernel_config CONFIG_CRYPTO_CRC32_ARM64_CE m
256 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
256 set_kernel_config CONFIG_CRYPTO_AES_ARM64 m
257 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
257 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE m
258 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
258 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_CCM y
259 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
259 set_kernel_config CONFIG_CRYPTO_AES_ARM64_CE_BLK y
260 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
260 set_kernel_config CONFIG_CRYPTO_AES_ARM64_NEON_BLK m
261 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
261 set_kernel_config CONFIG_CRYPTO_CHACHA20_NEON m
262 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
262 set_kernel_config CONFIG_CRYPTO_AES_ARM64_BS m
263 set_kernel_config SYSTEM_TRUSTED_KEYS
263 set_kernel_config SYSTEM_TRUSTED_KEYS
264 fi
264 fi
265
265
266 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
266 # Netfilter kernel support See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
267 if [ "$KERNEL_NF" = true ] ; then
267 if [ "$KERNEL_NF" = true ] ; then
268 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
268 set_kernel_config CONFIG_IP_NF_TARGET_SYNPROXY m
269 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
269 set_kernel_config CONFIG_NETFILTER_XT_TARGET_AUDIT m
270 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
270 set_kernel_config CONFIG_NETFILTER_XT_MATCH_CGROUP m
271 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
271 set_kernel_config CONFIG_NETFILTER_XT_MATCH_IPCOMP m
272 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
272 set_kernel_config CONFIG_NETFILTER_XT_MATCH_SOCKET m
273 set_kernel_config CONFIG_NFT_FIB_INET m
273 set_kernel_config CONFIG_NFT_FIB_INET m
274 set_kernel_config CONFIG_NFT_FIB_IPV4 m
274 set_kernel_config CONFIG_NFT_FIB_IPV4 m
275 set_kernel_config CONFIG_NFT_FIB_IPV6 m
275 set_kernel_config CONFIG_NFT_FIB_IPV6 m
276 set_kernel_config CONFIG_NFT_FIB_NETDEV m
276 set_kernel_config CONFIG_NFT_FIB_NETDEV m
277 set_kernel_config CONFIG_NFT_OBJREF m
277 set_kernel_config CONFIG_NFT_OBJREF m
278 set_kernel_config CONFIG_NFT_RT m
278 set_kernel_config CONFIG_NFT_RT m
279 set_kernel_config CONFIG_NFT_SET_BITMAP m
279 set_kernel_config CONFIG_NFT_SET_BITMAP m
280 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
280 set_kernel_config CONFIG_NF_CONNTRACK_TIMEOUT y
281 set_kernel_config CONFIG_NF_LOG_ARP m
281 set_kernel_config CONFIG_NF_LOG_ARP m
282 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
282 set_kernel_config CONFIG_NF_SOCKET_IPV4 m
283 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
283 set_kernel_config CONFIG_NF_SOCKET_IPV6 m
284 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
284 set_kernel_config CONFIG_BRIDGE_EBT_BROUTE m
285 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
285 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
286 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
286 set_kernel_config CONFIG_BRIDGE_NF_EBTABLES m
287 set_kernel_config CONFIG_IP6_NF_IPTABLES m
287 set_kernel_config CONFIG_IP6_NF_IPTABLES m
288 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
288 set_kernel_config CONFIG_IP6_NF_MATCH_AH m
289 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
289 set_kernel_config CONFIG_IP6_NF_MATCH_EUI64 m
290 set_kernel_config CONFIG_IP6_NF_NAT m
290 set_kernel_config CONFIG_IP6_NF_NAT m
291 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
291 set_kernel_config CONFIG_IP6_NF_TARGET_MASQUERADE m
292 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
292 set_kernel_config CONFIG_IP6_NF_TARGET_NPT m
293 set_kernel_config CONFIG_IP_NF_SECURITY m
293 set_kernel_config CONFIG_IP_NF_SECURITY m
294 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
294 set_kernel_config CONFIG_IP_SET_BITMAP_IPMAC m
295 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
295 set_kernel_config CONFIG_IP_SET_BITMAP_PORT m
296 set_kernel_config CONFIG_IP_SET_HASH_IP m
296 set_kernel_config CONFIG_IP_SET_HASH_IP m
297 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
297 set_kernel_config CONFIG_IP_SET_HASH_IPMARK m
298 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
298 set_kernel_config CONFIG_IP_SET_HASH_IPPORT m
299 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
299 set_kernel_config CONFIG_IP_SET_HASH_IPPORTIP m
300 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
300 set_kernel_config CONFIG_IP_SET_HASH_IPPORTNET m
301 set_kernel_config CONFIG_IP_SET_HASH_MAC m
301 set_kernel_config CONFIG_IP_SET_HASH_MAC m
302 set_kernel_config CONFIG_IP_SET_HASH_NET m
302 set_kernel_config CONFIG_IP_SET_HASH_NET m
303 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
303 set_kernel_config CONFIG_IP_SET_HASH_NETIFACE m
304 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
304 set_kernel_config CONFIG_IP_SET_HASH_NETNET m
305 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
305 set_kernel_config CONFIG_IP_SET_HASH_NETPORT m
306 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
306 set_kernel_config CONFIG_IP_SET_HASH_NETPORTNET m
307 set_kernel_config CONFIG_IP_SET_LIST_SET m
307 set_kernel_config CONFIG_IP_SET_LIST_SET m
308 set_kernel_config CONFIG_NETFILTER_XTABLES m
308 set_kernel_config CONFIG_NETFILTER_XTABLES m
309 set_kernel_config CONFIG_NETFILTER_XTABLES m
309 set_kernel_config CONFIG_NETFILTER_XTABLES m
310 set_kernel_config CONFIG_NFT_BRIDGE_META m
310 set_kernel_config CONFIG_NFT_BRIDGE_META m
311 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
311 set_kernel_config CONFIG_NFT_BRIDGE_REJECT m
312 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
312 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV4 m
313 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
313 set_kernel_config CONFIG_NFT_CHAIN_NAT_IPV6 m
314 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
314 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV4 m
315 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
315 set_kernel_config CONFIG_NFT_CHAIN_ROUTE_IPV6 m
316 set_kernel_config CONFIG_NFT_COMPAT m
316 set_kernel_config CONFIG_NFT_COMPAT m
317 set_kernel_config CONFIG_NFT_COUNTER m
317 set_kernel_config CONFIG_NFT_COUNTER m
318 set_kernel_config CONFIG_NFT_CT m
318 set_kernel_config CONFIG_NFT_CT m
319 set_kernel_config CONFIG_NFT_DUP_IPV4 m
319 set_kernel_config CONFIG_NFT_DUP_IPV4 m
320 set_kernel_config CONFIG_NFT_DUP_IPV6 m
320 set_kernel_config CONFIG_NFT_DUP_IPV6 m
321 set_kernel_config CONFIG_NFT_DUP_NETDEV m
321 set_kernel_config CONFIG_NFT_DUP_NETDEV m
322 set_kernel_config CONFIG_NFT_EXTHDR m
322 set_kernel_config CONFIG_NFT_EXTHDR m
323 set_kernel_config CONFIG_NFT_FWD_NETDEV m
323 set_kernel_config CONFIG_NFT_FWD_NETDEV m
324 set_kernel_config CONFIG_NFT_HASH m
324 set_kernel_config CONFIG_NFT_HASH m
325 set_kernel_config CONFIG_NFT_LIMIT m
325 set_kernel_config CONFIG_NFT_LIMIT m
326 set_kernel_config CONFIG_NFT_LOG m
326 set_kernel_config CONFIG_NFT_LOG m
327 set_kernel_config CONFIG_NFT_MASQ m
327 set_kernel_config CONFIG_NFT_MASQ m
328 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
328 set_kernel_config CONFIG_NFT_MASQ_IPV4 m
329 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
329 set_kernel_config CONFIG_NFT_MASQ_IPV6 m
330 set_kernel_config CONFIG_NFT_META m
330 set_kernel_config CONFIG_NFT_META m
331 set_kernel_config CONFIG_NFT_NAT m
331 set_kernel_config CONFIG_NFT_NAT m
332 set_kernel_config CONFIG_NFT_NUMGEN m
332 set_kernel_config CONFIG_NFT_NUMGEN m
333 set_kernel_config CONFIG_NFT_QUEUE m
333 set_kernel_config CONFIG_NFT_QUEUE m
334 set_kernel_config CONFIG_NFT_QUOTA m
334 set_kernel_config CONFIG_NFT_QUOTA m
335 set_kernel_config CONFIG_NFT_REDIR m
335 set_kernel_config CONFIG_NFT_REDIR m
336 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
336 set_kernel_config CONFIG_NFT_REDIR_IPV4 m
337 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
337 set_kernel_config CONFIG_NFT_REDIR_IPV6 m
338 set_kernel_config CONFIG_NFT_REJECT m
338 set_kernel_config CONFIG_NFT_REJECT m
339 set_kernel_config CONFIG_NFT_REJECT_INET m
339 set_kernel_config CONFIG_NFT_REJECT_INET m
340 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
340 set_kernel_config CONFIG_NFT_REJECT_IPV4 m
341 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
341 set_kernel_config CONFIG_NFT_REJECT_IPV6 m
342 set_kernel_config CONFIG_NFT_SET_HASH m
342 set_kernel_config CONFIG_NFT_SET_HASH m
343 set_kernel_config CONFIG_NFT_SET_RBTREE m
343 set_kernel_config CONFIG_NFT_SET_RBTREE m
344 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
344 set_kernel_config CONFIG_NF_CONNTRACK_IPV4 m
345 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
345 set_kernel_config CONFIG_NF_CONNTRACK_IPV6 m
346 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
346 set_kernel_config CONFIG_NF_DEFRAG_IPV4 m
347 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
347 set_kernel_config CONFIG_NF_DEFRAG_IPV6 m
348 set_kernel_config CONFIG_NF_DUP_IPV4 m
348 set_kernel_config CONFIG_NF_DUP_IPV4 m
349 set_kernel_config CONFIG_NF_DUP_IPV6 m
349 set_kernel_config CONFIG_NF_DUP_IPV6 m
350 set_kernel_config CONFIG_NF_DUP_NETDEV m
350 set_kernel_config CONFIG_NF_DUP_NETDEV m
351 set_kernel_config CONFIG_NF_LOG_BRIDGE m
351 set_kernel_config CONFIG_NF_LOG_BRIDGE m
352 set_kernel_config CONFIG_NF_LOG_IPV4 m
352 set_kernel_config CONFIG_NF_LOG_IPV4 m
353 set_kernel_config CONFIG_NF_LOG_IPV6 m
353 set_kernel_config CONFIG_NF_LOG_IPV6 m
354 set_kernel_config CONFIG_NF_NAT_IPV4 m
354 set_kernel_config CONFIG_NF_NAT_IPV4 m
355 set_kernel_config CONFIG_NF_NAT_IPV6 m
355 set_kernel_config CONFIG_NF_NAT_IPV6 m
356 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
356 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV4 m
357 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
357 set_kernel_config CONFIG_NF_NAT_MASQUERADE_IPV6 m
358 set_kernel_config CONFIG_NF_NAT_PPTP m
358 set_kernel_config CONFIG_NF_NAT_PPTP m
359 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
359 set_kernel_config CONFIG_NF_NAT_PROTO_GRE m
360 set_kernel_config CONFIG_NF_NAT_REDIRECT m
360 set_kernel_config CONFIG_NF_NAT_REDIRECT m
361 set_kernel_config CONFIG_NF_NAT_SIP m
361 set_kernel_config CONFIG_NF_NAT_SIP m
362 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
362 set_kernel_config CONFIG_NF_NAT_SNMP_BASIC m
363 set_kernel_config CONFIG_NF_NAT_TFTP m
363 set_kernel_config CONFIG_NF_NAT_TFTP m
364 set_kernel_config CONFIG_NF_REJECT_IPV4 m
364 set_kernel_config CONFIG_NF_REJECT_IPV4 m
365 set_kernel_config CONFIG_NF_REJECT_IPV6 m
365 set_kernel_config CONFIG_NF_REJECT_IPV6 m
366 set_kernel_config CONFIG_NF_TABLES m
366 set_kernel_config CONFIG_NF_TABLES m
367 set_kernel_config CONFIG_NF_TABLES_ARP m
367 set_kernel_config CONFIG_NF_TABLES_ARP m
368 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
368 set_kernel_config CONFIG_NF_TABLES_BRIDGE m
369 set_kernel_config CONFIG_NF_TABLES_INET m
369 set_kernel_config CONFIG_NF_TABLES_INET m
370 set_kernel_config CONFIG_NF_TABLES_IPV4 m
370 set_kernel_config CONFIG_NF_TABLES_IPV4 m
371 set_kernel_config CONFIG_NF_TABLES_IPV6 m
371 set_kernel_config CONFIG_NF_TABLES_IPV6 m
372 set_kernel_config CONFIG_NF_TABLES_NETDEV m
372 set_kernel_config CONFIG_NF_TABLES_NETDEV m
373 fi
373 fi
374
374
375 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
375 # Enables BPF syscall for systemd-journald see https://github.com/torvalds/linux/blob/master/init/Kconfig#L848 or https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
376 if [ "$KERNEL_BPF" = true ] ; then
376 if [ "$KERNEL_BPF" = true ] ; then
377 set_kernel_config CONFIG_BPF_SYSCALL y
377 set_kernel_config CONFIG_BPF_SYSCALL y
378 set_kernel_config CONFIG_BPF_EVENTS y
378 set_kernel_config CONFIG_BPF_EVENTS y
379 set_kernel_config CONFIG_BPF_STREAM_PARSER y
379 set_kernel_config CONFIG_BPF_STREAM_PARSER y
380 set_kernel_config CONFIG_CGROUP_BPF y
380 set_kernel_config CONFIG_CGROUP_BPF y
381 fi
381 fi
382
382
383 # KERNEL_DEFAULT_GOV was set by user
383 # KERNEL_DEFAULT_GOV was set by user
384 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
384 if [ "$KERNEL_DEFAULT_GOV" != powersave ] && [ -n "$KERNEL_DEFAULT_GOV" ] ; then
385
385
386 case "$KERNEL_DEFAULT_GOV" in
386 case "$KERNEL_DEFAULT_GOV" in
387 performance)
387 performance)
388 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
388 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE y
389 ;;
389 ;;
390 userspace)
390 userspace)
391 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
391 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE y
392 ;;
392 ;;
393 ondemand)
393 ondemand)
394 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
394 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND y
395 ;;
395 ;;
396 conservative)
396 conservative)
397 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
397 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE y
398 ;;
398 ;;
399 shedutil)
399 shedutil)
400 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
400 set_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL y
401 ;;
401 ;;
402 *)
402 *)
403 echo "error: unsupported default cpu governor"
403 echo "error: unsupported default cpu governor"
404 exit 1
404 exit 1
405 ;;
405 ;;
406 esac
406 esac
407
407
408 # unset previous default governor
408 # unset previous default governor
409 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
409 unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE
410 fi
410 fi
411
411
412 #Revert to previous directory
412 #Revert to previous directory
413 cd "${WORKDIR}" || exit
413 cd "${WORKDIR}" || exit
414
414
415 # Set kernel configuration parameters to enable qemu emulation
415 # Set kernel configuration parameters to enable qemu emulation
416 if [ "$ENABLE_QEMU" = true ] ; then
416 if [ "$ENABLE_QEMU" = true ] ; then
417 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
417 echo "CONFIG_FHANDLE=y" >> "${KERNEL_DIR}"/.config
418 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
418 echo "CONFIG_LBDAF=y" >> "${KERNEL_DIR}"/.config
419
419
420 if [ "$ENABLE_CRYPTFS" = true ] ; then
420 if [ "$ENABLE_CRYPTFS" = true ] ; then
421 {
421 {
422 echo "CONFIG_EMBEDDED=y"
422 echo "CONFIG_EMBEDDED=y"
423 echo "CONFIG_EXPERT=y"
423 echo "CONFIG_EXPERT=y"
424 echo "CONFIG_DAX=y"
424 echo "CONFIG_DAX=y"
425 echo "CONFIG_MD=y"
425 echo "CONFIG_MD=y"
426 echo "CONFIG_BLK_DEV_MD=y"
426 echo "CONFIG_BLK_DEV_MD=y"
427 echo "CONFIG_MD_AUTODETECT=y"
427 echo "CONFIG_MD_AUTODETECT=y"
428 echo "CONFIG_BLK_DEV_DM=y"
428 echo "CONFIG_BLK_DEV_DM=y"
429 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
429 echo "CONFIG_BLK_DEV_DM_BUILTIN=y"
430 echo "CONFIG_DM_CRYPT=y"
430 echo "CONFIG_DM_CRYPT=y"
431 echo "CONFIG_CRYPTO_BLKCIPHER=y"
431 echo "CONFIG_CRYPTO_BLKCIPHER=y"
432 echo "CONFIG_CRYPTO_CBC=y"
432 echo "CONFIG_CRYPTO_CBC=y"
433 echo "CONFIG_CRYPTO_XTS=y"
433 echo "CONFIG_CRYPTO_XTS=y"
434 echo "CONFIG_CRYPTO_SHA512=y"
434 echo "CONFIG_CRYPTO_SHA512=y"
435 echo "CONFIG_CRYPTO_MANAGER=y"
435 echo "CONFIG_CRYPTO_MANAGER=y"
436 } >> "${KERNEL_DIR}"/.config
436 } >> "${KERNEL_DIR}"/.config
437 fi
437 fi
438 fi
438 fi
439
439
440 # Copy custom kernel configuration file
440 # Copy custom kernel configuration file
441 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
441 if [ -n "$KERNELSRC_USRCONFIG" ] ; then
442 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
442 cp "$KERNELSRC_USRCONFIG" "${KERNEL_DIR}"/.config
443 fi
443 fi
444
444
445 # Set kernel configuration parameters to their default values
445 # Set kernel configuration parameters to their default values
446 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
446 if [ "$KERNEL_OLDDEFCONFIG" = true ] ; then
447 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
447 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" olddefconfig
448 fi
448 fi
449
449
450 # Start menu-driven kernel configuration (interactive)
450 # Start menu-driven kernel configuration (interactive)
451 if [ "$KERNEL_MENUCONFIG" = true ] ; then
451 if [ "$KERNEL_MENUCONFIG" = true ] ; then
452 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
452 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" menuconfig
453 fi
453 fi
454 # end if "$KERNELSRC_CONFIG" = true
454 # end if "$KERNELSRC_CONFIG" = true
455 fi
455 fi
456
456
457 # Use ccache to cross compile the kernel
457 # Use ccache to cross compile the kernel
458 if [ "$KERNEL_CCACHE" = true ] ; then
458 if [ "$KERNEL_CCACHE" = true ] ; then
459 cc="ccache ${CROSS_COMPILE}gcc"
459 cc="ccache ${CROSS_COMPILE}gcc"
460 else
460 else
461 cc="${CROSS_COMPILE}gcc"
461 cc="${CROSS_COMPILE}gcc"
462 fi
462 fi
463
463
464 # Cross compile kernel and dtbs
464 # Cross compile kernel and dtbs
465 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
465 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" "${KERNEL_BIN_IMAGE}" dtbs
466
466
467 # Cross compile kernel modules
467 # Cross compile kernel modules
468 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
468 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
469 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
469 make -C "${KERNEL_DIR}" -j"${KERNEL_THREADS}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" modules
470 fi
470 fi
471 # end if "$KERNELSRC_PREBUILT" = false
471 # end if "$KERNELSRC_PREBUILT" = false
472 fi
472 fi
473
473
474 # Check if kernel compilation was successful
474 # Check if kernel compilation was successful
475 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
475 if [ ! -r "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" ] ; then
476 echo "error: kernel compilation failed! (kernel image not found)"
476 echo "error: kernel compilation failed! (kernel image not found)"
477 cleanup
477 cleanup
478 exit 1
478 exit 1
479 fi
479 fi
480
480
481 # Install kernel modules
481 # Install kernel modules
482 if [ "$ENABLE_REDUCE" = true ] ; then
482 if [ "$ENABLE_REDUCE" = true ] ; then
483 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
483 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
484 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
484 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=../../.. modules_install
485 fi
485 fi
486 else
486 else
487 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
487 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
488 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
488 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_MOD_PATH=../../.. modules_install
489 fi
489 fi
490
490
491 # Install kernel firmware
491 # Install kernel firmware
492 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
492 if grep -q "^firmware_install:" "${KERNEL_DIR}/Makefile" ; then
493 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
493 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_FW_PATH=../../../lib firmware_install
494 fi
494 fi
495 fi
495 fi
496
496
497 # Install kernel headers
497 # Install kernel headers
498 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
498 if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then
499 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
499 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install
500 fi
500 fi
501
501
502 # Prepare boot (firmware) directory
502 # Prepare boot (firmware) directory
503 mkdir "${BOOT_DIR}"
503 mkdir "${BOOT_DIR}"
504
504
505 # Get kernel release version
505 # Get kernel release version
506 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
506 KERNEL_VERSION=$(cat "${KERNEL_DIR}/include/config/kernel.release")
507
507
508 # Copy kernel configuration file to the boot directory
508 # Copy kernel configuration file to the boot directory
509 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
509 install_readonly "${KERNEL_DIR}/.config" "${R}/boot/config-${KERNEL_VERSION}"
510
510
511 # Prepare device tree directory
511 # Prepare device tree directory
512 mkdir "${BOOT_DIR}/overlays"
512 mkdir "${BOOT_DIR}/overlays"
513
513
514 # Ensure the proper .dtb is located
514 # Ensure the proper .dtb is located
515 if [ "$KERNEL_ARCH" = "arm" ] ; then
515 if [ "$KERNEL_ARCH" = "arm" ] ; then
516 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
516 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/"*.dtb ; do
517 if [ -f "${dtb}" ] ; then
517 if [ -f "${dtb}" ] ; then
518 install_readonly "${dtb}" "${BOOT_DIR}/"
518 install_readonly "${dtb}" "${BOOT_DIR}/"
519 fi
519 fi
520 done
520 done
521 else
521 else
522 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
522 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/broadcom/"*.dtb ; do
523 if [ -f "${dtb}" ] ; then
523 if [ -f "${dtb}" ] ; then
524 install_readonly "${dtb}" "${BOOT_DIR}/"
524 install_readonly "${dtb}" "${BOOT_DIR}/"
525 fi
525 fi
526 done
526 done
527 fi
527 fi
528
528
529 # Copy compiled dtb device tree files
529 # Copy compiled dtb device tree files
530 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
530 if [ -d "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays" ] ; then
531 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do
531 for dtb in "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/"*.dtbo ; do
532 if [ -f "${dtb}" ] ; then
532 if [ -f "${dtb}" ] ; then
533 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
533 install_readonly "${dtb}" "${BOOT_DIR}/overlays/"
534 fi
534 fi
535 done
535 done
536
536
537 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
537 if [ -f "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" ] ; then
538 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
538 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/dts/overlays/README" "${BOOT_DIR}/overlays/README"
539 fi
539 fi
540 fi
540 fi
541
541
542 if [ "$ENABLE_UBOOT" = false ] ; then
542 if [ "$ENABLE_UBOOT" = false ] ; then
543 # Convert and copy kernel image to the boot directory
543 # Convert and copy kernel image to the boot directory
544 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
544 "${KERNEL_DIR}/scripts/mkknlimg" "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
545 else
545 else
546 # Copy kernel image to the boot directory
546 # Copy kernel image to the boot directory
547 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
547 install_readonly "${KERNEL_DIR}/arch/${KERNEL_ARCH}/boot/${KERNEL_BIN_IMAGE}" "${BOOT_DIR}/${KERNEL_IMAGE}"
548 fi
548 fi
549
549
550 # Remove kernel sources
550 # Remove kernel sources
551 if [ "$KERNEL_REMOVESRC" = true ] ; then
551 if [ "$KERNEL_REMOVESRC" = true ] ; then
552 rm -fr "${KERNEL_DIR}"
552 rm -fr "${KERNEL_DIR}"
553 else
553 else
554 # Prepare compiled kernel modules
554 # Prepare compiled kernel modules
555 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
555 if grep -q "CONFIG_MODULES=y" "${KERNEL_DIR}/.config" ; then
556 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
556 if grep -q "^modules_prepare:" "${KERNEL_DIR}/Makefile" ; then
557 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
557 make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" modules_prepare
558 fi
558 fi
559
559
560 # Create symlinks for kernel modules
560 # Create symlinks for kernel modules
561 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
561 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/build"
562 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
562 chroot_exec ln -sf /usr/src/linux "/lib/modules/${KERNEL_VERSION}/source"
563 fi
563 fi
564 fi
564 fi
565
565
566 else # BUILD_KERNEL=false
566 else # BUILD_KERNEL=false
567 if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then
567 if [ "$SET_ARCH" = 64 ]
568
568 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
569 # Use Sakakis modified kernel if ZSWAP is active
569 # Use Sakakis modified kernel if ZSWAP is active
570 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
570 if [ "$KERNEL_ZSWAP" = true ] || [ "$KERNEL_VIRT" = true ] || [ "$KERNEL_NF" = true ] || [ "$KERNEL_BPF" = true ] ; then
571 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
571 RPI3_64_KERNEL_URL="${RPI3_64_BIS_KERNEL_URL}"
572 fi
572 fi
573
573
574 # Create temporary directory for dl
574 # Create temporary directory for dl
575 temp_dir=$(as_nobody mktemp -d)
575 temp_dir=$(as_nobody mktemp -d)
576
576
577 # Fetch kernel dl
577 # Fetch kernel dl
578 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
578 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI3_64_KERNEL_URL"
579 fi
580 if [ "$SET_ARCH" = 64 ] && [ "$RPI_MODEL" = 4 ] ; then
581 # Create temporary directory for dl
582 temp_dir=$(as_nobody mktemp -d)
583
584 # Fetch kernel dl
585 as_nobody wget -O "${temp_dir}"/kernel.tar.xz -c "$RPI4_64_KERNEL_URL"
586 fi
579
587
580 #extract download
588 #extract download
581 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
589 tar -xJf "${temp_dir}"/kernel.tar.xz -C "${temp_dir}"
582
590
583 #move extracted kernel to /boot/firmware
591 #move extracted kernel to /boot/firmware
584 mkdir "${R}/boot/firmware"
592 mkdir "${R}/boot/firmware"
585 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
593 cp "${temp_dir}"/boot/* "${R}"/boot/firmware/
586 cp -r "${temp_dir}"/lib/* "${R}"/lib/
594 cp -r "${temp_dir}"/lib/* "${R}"/lib/
587
595
588 # Remove temporary directory for kernel sources
596 # Remove temporary directory for kernel sources
589 rm -fr "${temp_dir}"
597 rm -fr "${temp_dir}"
590
598
591 # Set permissions of the kernel sources
599 # Set permissions of the kernel sources
592 chown -R root:root "${R}/boot/firmware"
600 chown -R root:root "${R}/boot/firmware"
593 chown -R root:root "${R}/lib/modules"
601 chown -R root:root "${R}/lib/modules"
594 fi
602 fi
595
603
596 # Install Kernel from hypriot comptabile with all Raspberry PI
604 # Install Kernel from hypriot comptabile with all Raspberry PI (dunno if its compatible with RPI4 - better compile your own kernel)
597 if [ "$SET_ARCH" = 32 ] ; then
605 if [ "$SET_ARCH" = 32 ] && [ "$RPI_MODEL" != 4 ] ; then
598 # Create temporary directory for dl
606 # Create temporary directory for dl
599 temp_dir=$(as_nobody mktemp -d)
607 temp_dir=$(as_nobody mktemp -d)
600
608
601 # Fetch kernel
609 # Fetch kernel
602 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
610 as_nobody wget -O "${temp_dir}"/kernel.deb -c "$RPI_32_KERNEL_URL"
603
611
604 # Copy downloaded U-Boot sources
612 # Copy downloaded kernel package
605 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
613 mv "${temp_dir}"/kernel.deb "${R}"/tmp/kernel.deb
606
614
607 # Set permissions
615 # Set permissions
608 chown -R root:root "${R}"/tmp/kernel.deb
616 chown -R root:root "${R}"/tmp/kernel.deb
609
617
610 # Install kernel
618 # Install kernel
611 chroot_exec dpkg -i /tmp/kernel.deb
619 chroot_exec dpkg -i /tmp/kernel.deb
612
620
613 # move /boot to /boot/firmware to fit script env.
621 # move /boot to /boot/firmware to fit script env.
614 #mkdir "${BOOT_DIR}"
622 #mkdir "${BOOT_DIR}"
615 mkdir "${temp_dir}"/firmware
623 mkdir "${temp_dir}"/firmware
616 mv "${R}"/boot/* "${temp_dir}"/firmware/
624 mv "${R}"/boot/* "${temp_dir}"/firmware/
617 mv "${temp_dir}"/firmware "${R}"/boot/
625 mv "${temp_dir}"/firmware "${R}"/boot/
618
626
619 #same for kernel headers
627 #same for kernel headers
620 if [ "$KERNEL_HEADERS" = true ] ; then
628 if [ "$KERNEL_HEADERS" = true ] ; then
621 # Fetch kernel header
629 # Fetch kernel header
622 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
630 as_nobody wget -O "${temp_dir}"/kernel-header.deb -c "$RPI_32_KERNELHEADER_URL"
623 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
631 mv "${temp_dir}"/kernel-header.deb "${R}"/tmp/kernel-header.deb
624 chown -R root:root "${R}"/tmp/kernel-header.deb
632 chown -R root:root "${R}"/tmp/kernel-header.deb
625 # Install kernel header
633 # Install kernel header
626 chroot_exec dpkg -i /tmp/kernel-header.deb
634 chroot_exec dpkg -i /tmp/kernel-header.deb
627 rm -f "${R}"/tmp/kernel-header.deb
635 rm -f "${R}"/tmp/kernel-header.deb
628 fi
636 fi
629
637
630 # Remove temporary directory and files
638 # Remove temporary directory and files
631 rm -fr "${temp_dir}"
639 rm -fr "${temp_dir}"
632 rm -f "${R}"/tmp/kernel.deb
640 rm -f "${R}"/tmp/kernel.deb
633 fi
641 fi
634
642
635 # Check if kernel installation was successful
643 # Check if kernel installation was successful
636 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
644 KERNEL="$(ls -1 "${R}"/boot/firmware/kernel* | sort | tail -n 1)"
637 if [ -z "$KERNEL" ] ; then
645 if [ -z "$KERNEL" ] ; then
638 echo "error: kernel installation failed! (/boot/kernel* not found)"
646 echo "error: kernel installation failed! (/boot/kernel* not found)"
639 cleanup
647 cleanup
640 exit 1
648 exit 1
641 fi
649 fi
642 fi
650 fi
@@ -1,310 +1,315
1 #
1 #
2 # Setup RPi2/3 config and cmdline
2 # Setup RPi2/3 config and cmdline
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
8 if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then
9 # Install boot binaries from local directory
9 # Install boot binaries from local directory
10 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
10 cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin
11 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
11 cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat
12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
12 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat
13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
13 cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat
14 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
14 cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf
15 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
15 cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf
16 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
16 cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf
17 else
17 else
18 # Create temporary directory for boot binaries
18 # Create temporary directory for boot binaries
19 temp_dir=$(as_nobody mktemp -d)
19 temp_dir=$(as_nobody mktemp -d)
20
20
21 # Install latest boot binaries from raspberry/firmware github
21 # Install latest boot binaries from raspberry/firmware github
22 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
22 as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin"
23 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
23 as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat"
24 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
24 as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat"
25 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
25 as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat"
26 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
26 as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf"
27 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
27 as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf"
28 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
28 as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf"
29
29
30 # Move downloaded boot binaries
30 # Move downloaded boot binaries
31 mv "${temp_dir}/"* "${BOOT_DIR}/"
31 mv "${temp_dir}/"* "${BOOT_DIR}/"
32
32
33 # Remove temporary directory for boot binaries
33 # Remove temporary directory for boot binaries
34 rm -fr "${temp_dir}"
34 rm -fr "${temp_dir}"
35
35
36 # Set permissions of the boot binaries
36 # Set permissions of the boot binaries
37 chown -R root:root "${BOOT_DIR}"
37 chown -R root:root "${BOOT_DIR}"
38 chmod -R 600 "${BOOT_DIR}"
38 chmod -R 600 "${BOOT_DIR}"
39 fi
39 fi
40
40
41 if [ "$ENABLE_KEYGEN" = true ] ; then
41 if [ "$ENABLE_KEYGEN" = true ] ; then
42
42
43 # go to chroot/boot/
43 # go to chroot/boot/
44 cd "${BOOT_DIR}/" || exit
44 cd "${BOOT_DIR}/" || exit
45
45
46 # Make a copy of start.elf
46 # Make a copy of start.elf
47 cp start.elf start.elf_backup
47 cp start.elf start.elf_backup
48
48
49 # Remove codec licence checks - thx go to https://github.com/nucular/raspi-keygen - if ENABLE_VIDEOCORE is true, you can check codec status https://elinux.org/RPI_vcgencmd_usage
49 # Remove codec licence checks - thx go to https://github.com/nucular/raspi-keygen - if ENABLE_VIDEOCORE is true, you can check codec status https://elinux.org/RPI_vcgencmd_usage
50 perl -pne 's/\x47\xE9362H\x3C\x18/\x47\xE9362H\x3C\x1F/g' < start.elf_backup > start.elf
50 perl -pne 's/\x47\xE9362H\x3C\x18/\x47\xE9362H\x3C\x1F/g' < start.elf_backup > start.elf
51
51
52 # Back to base dir
52 # Back to base dir
53 cd "${WORKDIR}" || exit
53 cd "${WORKDIR}" || exit
54 fi
54 fi
55
55
56 # Setup firmware boot cmdline
56 # Setup firmware boot cmdline
57 if [ "$ENABLE_USBBOOT" = true ] ; then
57 if [ "$ENABLE_USBBOOT" = true ] ; then
58 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
58 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
59 else
59 else
60 if [ "$ENABLE_SPLITFS" = true ] ; then
60 if [ "$ENABLE_SPLITFS" = true ] ; then
61 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
61 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/sda1 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
62 else
62 else
63 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
63 CMDLINE="dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 rootfstype=ext4 rootflags=commit=100,data=writeback elevator=deadline console=tty1 rootwait init=/bin/systemd"
64 fi
64 fi
65 fi
65 fi
66
66
67 # Add encrypted root partition to cmdline.txt
67 # Add encrypted root partition to cmdline.txt
68 if [ "$ENABLE_CRYPTFS" = true ] ; then
68 if [ "$ENABLE_CRYPTFS" = true ] ; then
69 if [ "$ENABLE_SPLITFS" = true ] ; then
69 if [ "$ENABLE_SPLITFS" = true ] ; then
70 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
70 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda1/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda1:${CRYPTFS_MAPPING}/")
71 else
71 else
72 if [ "$ENABLE_USBBOOT" = true ] ; then
72 if [ "$ENABLE_USBBOOT" = true ] ; then
73 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
73 CMDLINE=$(echo "${CMDLINE}" | sed "s/sda2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/sda2:${CRYPTFS_MAPPING}/")
74 else
74 else
75 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
75 CMDLINE=$(echo "${CMDLINE}" | sed "s/mmcblk0p2/mapper\/${CRYPTFS_MAPPING} cryptdevice=\/dev\/mmcblk0p2:${CRYPTFS_MAPPING}/")
76 fi
76 fi
77 fi
77 fi
78 fi
78 fi
79
79
80 # Enable Kernel messages on standard output
80 # Enable Kernel messages on standard output
81 if [ "$ENABLE_PRINTK" = true ] ; then
81 if [ "$ENABLE_PRINTK" = true ] ; then
82 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
82 install_readonly files/sysctl.d/83-rpi-printk.conf "${ETC_DIR}/sysctl.d/83-rpi-printk.conf"
83 fi
83 fi
84
84
85 # Enable Kernel messages on standard output
85 # Enable Kernel messages on standard output
86 if [ "$KERNEL_SECURITY" = true ] ; then
86 if [ "$KERNEL_SECURITY" = true ] ; then
87 install_readonly files/sysctl.d/84-rpi-ASLR.conf "${ETC_DIR}/sysctl.d/84-rpi-ASLR.conf"
87 install_readonly files/sysctl.d/84-rpi-ASLR.conf "${ETC_DIR}/sysctl.d/84-rpi-ASLR.conf"
88 fi
88 fi
89
89
90 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
90 # Install udev rule for serial alias - serial0 = console serial1=bluetooth
91 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
91 install_readonly files/etc/99-com.rules "${LIB_DIR}/udev/rules.d/99-com.rules"
92
92
93 # Remove IPv6 networking support
93 # Remove IPv6 networking support
94 if [ "$ENABLE_IPV6" = false ] ; then
94 if [ "$ENABLE_IPV6" = false ] ; then
95 CMDLINE="${CMDLINE} ipv6.disable=1"
95 CMDLINE="${CMDLINE} ipv6.disable=1"
96 fi
96 fi
97
97
98 # Automatically assign predictable network interface names
98 # Automatically assign predictable network interface names
99 if [ "$ENABLE_IFNAMES" = false ] ; then
99 if [ "$ENABLE_IFNAMES" = false ] ; then
100 CMDLINE="${CMDLINE} net.ifnames=0"
100 CMDLINE="${CMDLINE} net.ifnames=0"
101 else
101 else
102 CMDLINE="${CMDLINE} net.ifnames=1"
102 CMDLINE="${CMDLINE} net.ifnames=1"
103 fi
103 fi
104
104
105 # Disable Raspberry Pi console logo
105 # Disable Raspberry Pi console logo
106 if [ "$ENABLE_LOGO" = false ] ; then
106 if [ "$ENABLE_LOGO" = false ] ; then
107 CMDLINE="${CMDLINE} logo.nologo"
107 CMDLINE="${CMDLINE} logo.nologo"
108 fi
108 fi
109
109
110 # Strictly limit verbosity of boot up console messages
110 # Strictly limit verbosity of boot up console messages
111 if [ "$ENABLE_SILENT_BOOT" = true ] ; then
111 if [ "$ENABLE_SILENT_BOOT" = true ] ; then
112 CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0"
112 CMDLINE="${CMDLINE} quiet loglevel=0 rd.systemd.show_status=auto rd.udev.log_priority=0"
113 fi
113 fi
114
114
115 # Install firmware config
115 # Install firmware config
116 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
116 install_readonly files/boot/config.txt "${BOOT_DIR}/config.txt"
117
117
118 # Disable Raspberry Pi console logo
118 # Disable Raspberry Pi console logo
119 if [ "$ENABLE_SLASH" = false ] ; then
119 if [ "$ENABLE_SLASH" = false ] ; then
120 echo "disable_splash=1" >> "${BOOT_DIR}/config.txt"
120 echo "disable_splash=1" >> "${BOOT_DIR}/config.txt"
121 fi
121 fi
122
122
123 # Locks CPU frequency at maximum
123 # Locks CPU frequency at maximum
124 if [ "$ENABLE_TURBO" = true ] ; then
124 if [ "$ENABLE_TURBO" = true ] ; then
125 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
125 echo "force_turbo=1" >> "${BOOT_DIR}/config.txt"
126 # helps to avoid sdcard corruption when force_turbo is enabled.
126 # helps to avoid sdcard corruption when force_turbo is enabled.
127 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
127 echo "boot_delay=1" >> "${BOOT_DIR}/config.txt"
128 fi
128 fi
129
129
130 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
130 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ]; then
131
131
132 # Bluetooth enabled
132 # Bluetooth enabled
133 if [ "$ENABLE_BLUETOOTH" = true ] ; then
133 if [ "$ENABLE_BLUETOOTH" = true ] ; then
134 # Create temporary directory for Bluetooth sources
134 # Create temporary directory for Bluetooth sources
135 temp_dir=$(as_nobody mktemp -d)
135 temp_dir=$(as_nobody mktemp -d)
136
136
137 # Fetch Bluetooth sources
137 # Fetch Bluetooth sources
138 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
138 as_nobody git -C "${temp_dir}" clone "${BLUETOOTH_URL}"
139
139
140 # Copy downloaded sources
140 # Copy downloaded sources
141 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
141 mv "${temp_dir}/pi-bluetooth" "${R}/tmp/"
142
142
143 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
143 # Bluetooth firmware from arch aur https://aur.archlinux.org/packages/pi-bluetooth/
144 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
144 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" https://aur.archlinux.org/cgit/aur.git/plain/LICENCE.broadcom_bcm43xx?h=pi-bluetooth
145 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd
145 as_nobody wget -q -O "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" https://raw.githubusercontent.com/RPi-Distro/bluez-firmware/master/broadcom/BCM43430A1.hcd
146
146
147 # Set permissions
147 # Set permissions
148 chown -R root:root "${R}/tmp/pi-bluetooth"
148 chown -R root:root "${R}/tmp/pi-bluetooth"
149
149
150 # Install tools
150 # Install tools
151 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
151 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/btuart" "${R}/usr/bin/btuart"
152 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
152 install_readonly "${R}/tmp/pi-bluetooth/usr/bin/bthelper" "${R}/usr/bin/bthelper"
153
153
154 # make scripts executable
154 # make scripts executable
155 chmod +x "${R}/usr/bin/bthelper"
155 chmod +x "${R}/usr/bin/bthelper"
156 chmod +x "${R}/usr/bin/btuart"
156 chmod +x "${R}/usr/bin/btuart"
157
157
158 # Install bluetooth udev rule
158 # Install bluetooth udev rule
159 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
159 install_readonly "${R}/tmp/pi-bluetooth/lib/udev/rules.d/90-pi-bluetooth.rules" "${LIB_DIR}/udev/rules.d/90-pi-bluetooth.rules"
160
160
161 # Install Firmware Flash file and apropiate licence
161 # Install Firmware Flash file and apropiate licence
162 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
162 mkdir -p "$BLUETOOTH_FIRMWARE_DIR"
163 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
163 install_readonly "${R}/tmp/pi-bluetooth/LICENCE.broadcom_bcm43xx" "${BLUETOOTH_FIRMWARE_DIR}/LICENCE.broadcom_bcm43xx"
164 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/BCM43430A1.hcd"
164 install_readonly "${R}/tmp/pi-bluetooth/BCM43430A1.hcd" "${BLUETOOTH_FIRMWARE_DIR}/BCM43430A1.hcd"
165 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
165 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.bthelper@.service" "${ETC_DIR}/systemd/system/pi-bluetooth.bthelper@.service"
166 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
166 install_readonly "${R}/tmp/pi-bluetooth/debian/pi-bluetooth.hciuart.service" "${ETC_DIR}/systemd/system/pi-bluetooth.hciuart.service"
167
167
168 # Remove temporary directories
168 # Remove temporary directories
169 rm -fr "${temp_dir}"
169 rm -fr "${temp_dir}"
170 rm -fr "${R}"/tmp/pi-bluetooth
170 rm -fr "${R}"/tmp/pi-bluetooth
171
171
172 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
172 # Switch Pi3 Bluetooth function to use the mini-UART (ttyS0) and restore UART0/ttyAMA0 over GPIOs 14 & 15. Slow Bluetooth and slow cpu. Use /dev/ttyS0 instead of /dev/ttyAMA0
173 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
173 if [ "$ENABLE_MINIUART_OVERLAY" = true ] ; then
174 # set overlay to swap ttyAMA0 and ttyS0
174 # set overlay to swap ttyAMA0 and ttyS0
175 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
175 echo "dtoverlay=pi3-miniuart-bt" >> "${BOOT_DIR}/config.txt"
176
176
177 if [ "$ENABLE_TURBO" = false ] ; then
177 if [ "$ENABLE_TURBO" = false ] ; then
178 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
178 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
179 fi
179 fi
180
180
181 fi
181 fi
182
182
183 # Activate services
183 # Activate services
184 chroot_exec systemctl enable pi-bluetooth.hciuart.service
184 chroot_exec systemctl enable pi-bluetooth.hciuart.service
185
185
186 else # if ENABLE_BLUETOOTH = false
186 else # if ENABLE_BLUETOOTH = false
187 # set overlay to disable bluetooth
187 # set overlay to disable bluetooth
188 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
188 echo "dtoverlay=pi3-disable-bt" >> "${BOOT_DIR}/config.txt"
189 fi # ENABLE_BLUETOOTH end
189 fi # ENABLE_BLUETOOTH end
190 fi
190 fi
191
191
192 # may need sudo systemctl disable hciuart
192 # may need sudo systemctl disable hciuart
193 if [ "$ENABLE_CONSOLE" = true ] ; then
193 if [ "$ENABLE_CONSOLE" = true ] ; then
194 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
194 echo "enable_uart=1" >> "${BOOT_DIR}/config.txt"
195 # add string to cmdline
195 # add string to cmdline
196 CMDLINE="${CMDLINE} console=serial0,115200"
196 CMDLINE="${CMDLINE} console=serial0,115200"
197
197
198 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]|| [ "$RPI_MODEL" = 0 ]; then
198 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]|| [ "$RPI_MODEL" = 0 ]; then
199 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
199 # if force_turbo didn't lock cpu at high speed, lock it at low speed (XOR logic) or miniuart will be broken
200 if [ "$ENABLE_TURBO" = false ] ; then
200 if [ "$ENABLE_TURBO" = false ] ; then
201 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
201 echo "core_freq=250" >> "${BOOT_DIR}/config.txt"
202 fi
202 fi
203 fi
203 fi
204
204
205 # Enable serial console systemd style
205 # Enable serial console systemd style
206 chroot_exec systemctl enable serial-getty@serial0.service
206 chroot_exec systemctl enable serial-getty@serial0.service
207 else
207 else
208 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
208 echo "enable_uart=0" >> "${BOOT_DIR}/config.txt"
209 fi
209 fi
210
210
211 # Disable dphys-swapfile service. Will get enabled on first boot
212 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
213 chroot_exec systemctl disable dphys-swapfile
214 fi
215
211 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
216 if [ "$ENABLE_SYSTEMDSWAP" = true ] ; then
212 # Create temporary directory for systemd-swap sources
217 # Create temporary directory for systemd-swap sources
213 temp_dir=$(as_nobody mktemp -d)
218 temp_dir=$(as_nobody mktemp -d)
214
219
215 # Fetch systemd-swap sources
220 # Fetch systemd-swap sources
216 as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
221 as_nobody git -C "${temp_dir}" clone "${SYSTEMDSWAP_URL}"
217
222
218 # Copy downloaded systemd-swap sources
223 # Copy downloaded systemd-swap sources
219 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
224 mv "${temp_dir}/systemd-swap" "${R}/tmp/"
220
225
221 # Change into downloaded src dir
226 # Change into downloaded src dir
222 cd "${R}/tmp/systemd-swap" || exit
227 cd "${R}/tmp/systemd-swap" || exit
223
228
224 # Build package
229 # Build package
225 bash ./package.sh debian
230 bash ./package.sh debian
226
231
227 # Change back into script root dir
232 # Change back into script root dir
228 cd "${WORKDIR}" || exit
233 cd "${WORKDIR}" || exit
229
234
230 # Set permissions of the systemd-swap sources
235 # Set permissions of the systemd-swap sources
231 chown -R root:root "${R}/tmp/systemd-swap"
236 chown -R root:root "${R}/tmp/systemd-swap"
232
237
233 # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR.
238 # Install package - IMPROVE AND MAKE IT POSSIBLE WITHOUT VERSION NR.
234 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb
239 chroot_exec dpkg -i /tmp/systemd-swap/systemd-swap_4.0.1_any.deb
235
240
236 # Enable service
241 # Enable service
237 chroot_exec systemctl enable systemd-swap
242 chroot_exec systemctl enable systemd-swap
238
243
239 # Remove temporary directory for systemd-swap sources
244 # Remove temporary directory for systemd-swap sources
240 rm -fr "${temp_dir}"
245 rm -fr "${temp_dir}"
241 else
246 else
242 # Enable ZSWAP in cmdline if systemd-swap is not used
247 # Enable ZSWAP in cmdline if systemd-swap is not used
243 if [ "$KERNEL_ZSWAP" = true ] ; then
248 if [ "$KERNEL_ZSWAP" = true ] ; then
244 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
249 CMDLINE="${CMDLINE} zswap.enabled=1 zswap.max_pool_percent=25 zswap.compressor=lz4"
245 fi
250 fi
246 fi
251 fi
247 if [ "$KERNEL_SECURITY" = true ] ; then
252 if [ "$KERNEL_SECURITY" = true ] ; then
248 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
253 CMDLINE="${CMDLINE} apparmor=1 security=apparmor"
249 fi
254 fi
250
255
251 # Install firmware boot cmdline
256 # Install firmware boot cmdline
252 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
257 echo "${CMDLINE}" > "${BOOT_DIR}/cmdline.txt"
253
258
254 # Setup minimal GPU memory allocation size: 16MB (no X)
259 # Setup minimal GPU memory allocation size: 16MB (no X)
255 if [ "$ENABLE_MINGPU" = true ] ; then
260 if [ "$ENABLE_MINGPU" = true ] ; then
256 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
261 echo "gpu_mem=16" >> "${BOOT_DIR}/config.txt"
257 fi
262 fi
258
263
259 # Setup boot with initramfs
264 # Setup boot with initramfs
260 if [ "$ENABLE_INITRAMFS" = true ] ; then
265 if [ "$ENABLE_INITRAMFS" = true ] ; then
261 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
266 echo "initramfs initramfs-${KERNEL_VERSION} followkernel" >> "${BOOT_DIR}/config.txt"
262 fi
267 fi
263
268
264 # Create firmware configuration and cmdline symlinks
269 # Create firmware configuration and cmdline symlinks
265 ln -sf firmware/config.txt "${R}/boot/config.txt"
270 ln -sf firmware/config.txt "${R}/boot/config.txt"
266 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
271 ln -sf firmware/cmdline.txt "${R}/boot/cmdline.txt"
267
272
268 # Install and setup kernel modules to load at boot
273 # Install and setup kernel modules to load at boot
269 mkdir -p "${LIB_DIR}/modules-load.d/"
274 mkdir -p "${LIB_DIR}/modules-load.d/"
270 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
275 install_readonly files/modules/rpi2.conf "${LIB_DIR}/modules-load.d/rpi2.conf"
271
276
272 # Load hardware random module at boot
277 # Load hardware random module at boot
273 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
278 if [ "$ENABLE_HWRANDOM" = true ] && [ "$BUILD_KERNEL" = false ] ; then
274 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
279 sed -i "s/^# bcm2708_rng/bcm2708_rng/" "${LIB_DIR}/modules-load.d/rpi2.conf"
275 fi
280 fi
276
281
277 # Load sound module at boot
282 # Load sound module at boot
278 if [ "$ENABLE_SOUND" = true ] ; then
283 if [ "$ENABLE_SOUND" = true ] ; then
279 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
284 sed -i "s/^# snd_bcm2835/snd_bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
280 else
285 else
281 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
286 echo "dtparam=audio=off" >> "${BOOT_DIR}/config.txt"
282 fi
287 fi
283
288
284 # Enable I2C interface
289 # Enable I2C interface
285 if [ "$ENABLE_I2C" = true ] ; then
290 if [ "$ENABLE_I2C" = true ] ; then
286 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
291 echo "dtparam=i2c_arm=on" >> "${BOOT_DIR}/config.txt"
287 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
292 sed -i "s/^# i2c-bcm2708/i2c-bcm2708/" "${LIB_DIR}/modules-load.d/rpi2.conf"
288 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
293 sed -i "s/^# i2c-dev/i2c-dev/" "${LIB_DIR}/modules-load.d/rpi2.conf"
289 fi
294 fi
290
295
291 # Enable SPI interface
296 # Enable SPI interface
292 if [ "$ENABLE_SPI" = true ] ; then
297 if [ "$ENABLE_SPI" = true ] ; then
293 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
298 echo "dtparam=spi=on" >> "${BOOT_DIR}/config.txt"
294 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
299 echo "spi-bcm2708" >> "${LIB_DIR}/modules-load.d/rpi2.conf"
295 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
300 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ]; then
296 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
301 sed -i "s/spi-bcm2708/spi-bcm2835/" "${LIB_DIR}/modules-load.d/rpi2.conf"
297 fi
302 fi
298 fi
303 fi
299
304
300 # Disable RPi2/3 under-voltage warnings
305 # Disable RPi2/3 under-voltage warnings
301 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
306 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
302 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
307 echo "avoid_warnings=${DISABLE_UNDERVOLT_WARNINGS}" >> "${BOOT_DIR}/config.txt"
303 fi
308 fi
304
309
305 # Install kernel modules blacklist
310 # Install kernel modules blacklist
306 mkdir -p "${ETC_DIR}/modprobe.d/"
311 mkdir -p "${ETC_DIR}/modprobe.d/"
307 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
312 install_readonly files/modules/raspi-blacklist.conf "${ETC_DIR}/modprobe.d/raspi-blacklist.conf"
308
313
309 # Install sysctl.d configuration files
314 # Install sysctl.d configuration files
310 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
315 install_readonly files/sysctl.d/81-rpi-vm.conf "${ETC_DIR}/sysctl.d/81-rpi-vm.conf"
@@ -1,136 +1,136
1 #
1 #
2 # Setup Networking
2 # Setup Networking
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Install and setup hostname
8 # Install and setup hostname
9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
9 install_readonly files/network/hostname "${ETC_DIR}/hostname"
10 sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
10 sed -i "s/^RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hostname"
11
11
12 # Install and setup hosts
12 # Install and setup hosts
13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
13 install_readonly files/network/hosts "${ETC_DIR}/hosts"
14 sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
14 sed -i "s/RaspberryPI/${HOSTNAME}/" "${ETC_DIR}/hosts"
15
15
16 # Setup hostname entry with static IP
16 # Setup hostname entry with static IP
17 if [ "$NET_ADDRESS" != "" ] ; then
17 if [ "$NET_ADDRESS" != "" ] ; then
18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
18 NET_IP=$(echo "${NET_ADDRESS}" | cut -f 1 -d'/')
19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
19 sed -i "s/^127.0.1.1/${NET_IP}/" "${ETC_DIR}/hosts"
20 fi
20 fi
21
21
22 # Remove IPv6 hosts
22 # Remove IPv6 hosts
23 if [ "$ENABLE_IPV6" = false ] ; then
23 if [ "$ENABLE_IPV6" = false ] ; then
24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
24 sed -i -e "/::[1-9]/d" -e "/^$/d" "${ETC_DIR}/hosts"
25 fi
25 fi
26
26
27 # Install hint about network configuration
27 # Install hint about network configuration
28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
28 install_readonly files/network/interfaces "${ETC_DIR}/network/interfaces"
29
29
30 # Install configuration for interface eth0
30 # Install configuration for interface eth0
31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
31 install_readonly files/network/eth.network "${ETC_DIR}/systemd/network/eth.network"
32
32
33 if [ "$RPI_MODEL" = 3P ] ; then
33 if [ "$RPI_MODEL" = 3P ] ; then
34 printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth.network"
34 printf "\n[Link]\nGenericReceiveOffload=off\nTCPSegmentationOffload=off\nGenericSegmentationOffload=off" >> "${ETC_DIR}/systemd/network/eth.network"
35 fi
35 fi
36
36
37 # Install configuration for interface wl*
37 # Install configuration for interface wl*
38 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
38 install_readonly files/network/wlan.network "${ETC_DIR}/systemd/network/wlan.network"
39
39
40 #always with dhcp since wpa_supplicant integration is missing
40 #always with dhcp since wpa_supplicant integration is missing
41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
41 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/wlan.network"
42
42
43 if [ "$ENABLE_DHCP" = true ] ; then
43 if [ "$ENABLE_DHCP" = true ] ; then
44 # Enable DHCP configuration for interface eth0
44 # Enable DHCP configuration for interface eth0
45 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
45 sed -i -e "s/DHCP=.*/DHCP=yes/" -e "/DHCP/q" "${ETC_DIR}/systemd/network/eth.network"
46
46
47 # Set DHCP configuration to IPv4 only
47 # Set DHCP configuration to IPv4 only
48 if [ "$ENABLE_IPV6" = false ] ; then
48 if [ "$ENABLE_IPV6" = false ] ; then
49 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
49 sed -i "s/DHCP=.*/DHCP=v4/" "${ETC_DIR}/systemd/network/eth.network"
50 fi
50 fi
51
51
52 else # ENABLE_DHCP=false
52 else # ENABLE_DHCP=false
53 # Set static network configuration for interface eth0
53 # Set static network configuration for interface eth0
54 sed -i\
54 sed -i\
55 -e "s|DHCP=.*|DHCP=no|"\
55 -e "s|DHCP=.*|DHCP=no|"\
56 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
56 -e "s|Address=\$|Address=${NET_ADDRESS}|"\
57 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
57 -e "s|Gateway=\$|Gateway=${NET_GATEWAY}|"\
58 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
58 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_1}|"\
59 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
59 -e "0,/DNS=\$/ s|DNS=\$|DNS=${NET_DNS_2}|"\
60 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
60 -e "s|Domains=\$|Domains=${NET_DNS_DOMAINS}|"\
61 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
61 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_1}|"\
62 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
62 -e "0,/NTP=\$/ s|NTP=\$|NTP=${NET_NTP_2}|"\
63 "${ETC_DIR}/systemd/network/eth.network"
63 "${ETC_DIR}/systemd/network/eth.network"
64 fi
64 fi
65
65
66 # Remove empty settings from network configuration
66 # Remove empty settings from network configuration
67 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
67 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/eth.network"
68 # Remove empty settings from wlan configuration
68 # Remove empty settings from wlan configuration
69 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
69 sed -i "/.*=\$/d" "${ETC_DIR}/systemd/network/wlan.network"
70
70
71 # Move systemd network configuration if required by Debian release
71 # Move systemd network configuration if required by Debian release
72 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
72 mv -v "${ETC_DIR}/systemd/network/eth.network" "${LIB_DIR}/systemd/network/10-eth.network"
73 # If WLAN is enabled copy wlan configuration too
73 # If WLAN is enabled copy wlan configuration too
74 if [ "$ENABLE_WIRELESS" = true ] ; then
74 if [ "$ENABLE_WIRELESS" = true ] ; then
75 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
75 mv -v "${ETC_DIR}/systemd/network/wlan.network" "${LIB_DIR}/systemd/network/11-wlan.network"
76 fi
76 fi
77 rm -fr "${ETC_DIR}/systemd/network"
77 rm -fr "${ETC_DIR}/systemd/network"
78
78
79 # Enable systemd-networkd service
79 # Enable systemd-networkd service
80 chroot_exec systemctl enable systemd-networkd
80 chroot_exec systemctl enable systemd-networkd
81
81
82 # Install host.conf resolver configuration
82 # Install host.conf resolver configuration
83 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
83 install_readonly files/network/host.conf "${ETC_DIR}/host.conf"
84
84
85 # Enable network stack hardening
85 # Enable network stack hardening
86 if [ "$ENABLE_HARDNET" = true ] ; then
86 if [ "$ENABLE_HARDNET" = true ] ; then
87 # Install sysctl.d configuration files
87 # Install sysctl.d configuration files
88 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
88 install_readonly files/sysctl.d/82-rpi-net-hardening.conf "${ETC_DIR}/sysctl.d/82-rpi-net-hardening.conf"
89
89
90 # Setup resolver warnings about spoofed addresses
90 # Setup resolver warnings about spoofed addresses
91 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
91 sed -i "s/^# spoof warn/spoof warn/" "${ETC_DIR}/host.conf"
92 fi
92 fi
93
93
94 # Enable time sync
94 # Enable time sync
95 if [ "$NET_NTP_1" != "" ] ; then
95 if [ "$NET_NTP_1" != "" ] ; then
96 chroot_exec systemctl enable systemd-timesyncd.service
96 chroot_exec systemctl enable systemd-timesyncd.service
97 fi
97 fi
98
98
99 # Download the firmware binary blob required to use the RPi3 wireless interface
99 # Download the firmware binary blob required to use the RPi3 wireless interface
100 if [ "$ENABLE_WIRELESS" = true ] ; then
100 if [ "$ENABLE_WIRELESS" = true ] ; then
101 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
101 if [ ! -d "${WLAN_FIRMWARE_DIR}" ] ; then
102 mkdir -p "${WLAN_FIRMWARE_DIR}"
102 mkdir -p "${WLAN_FIRMWARE_DIR}"
103 fi
103 fi
104
104
105 # Create temporary directory for firmware binary blob
105 # Create temporary directory for firmware binary blob
106 temp_dir=$(as_nobody mktemp -d)
106 temp_dir=$(as_nobody mktemp -d)
107
107
108 # Fetch firmware binary blob for RPI3B+
108 # Fetch firmware binary blob for RPI3B+
109 if [ "$RPI_MODEL" = 3P ] ; then
109 if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
110 # Fetch firmware binary blob for RPi3P
110 # Fetch firmware binary blob for RPi3P
111 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
111 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.bin"
112 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
112 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.txt"
113 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
113 as_nobody wget -q -O "${temp_dir}/brcmfmac43455-sdio.clm_blob" "${WLAN_FIRMWARE_URL}/brcmfmac43455-sdio.clm_blob"
114
114
115 # Move downloaded firmware binary blob
115 # Move downloaded firmware binary blob
116 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
116 mv "${temp_dir}/brcmfmac43455-sdio."* "${WLAN_FIRMWARE_DIR}/"
117
117
118 # Set permissions of the firmware binary blob
118 # Set permissions of the firmware binary blob
119 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
119 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
120 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
120 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43455-sdio."*
121 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
121 elif [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 0 ] ; then
122 # Fetch firmware binary blob for RPi3
122 # Fetch firmware binary blob for RPi3
123 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
123 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.bin" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.bin"
124 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
124 as_nobody wget -q -O "${temp_dir}/brcmfmac43430-sdio.txt" "${WLAN_FIRMWARE_URL}/brcmfmac43430-sdio.txt"
125
125
126 # Move downloaded firmware binary blob
126 # Move downloaded firmware binary blob
127 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
127 mv "${temp_dir}/brcmfmac43430-sdio."* "${WLAN_FIRMWARE_DIR}/"
128
128
129 # Set permissions of the firmware binary blob
129 # Set permissions of the firmware binary blob
130 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
130 chown root:root "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
131 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
131 chmod 600 "${WLAN_FIRMWARE_DIR}/brcmfmac43430-sdio."*
132 fi
132 fi
133
133
134 # Remove temporary directory for firmware binary blob
134 # Remove temporary directory for firmware binary blob
135 rm -fr "${temp_dir}"
135 rm -fr "${temp_dir}"
136 fi
136 fi
@@ -1,97 +1,97
1 #!/bin/sh
1 #!/bin/sh
2 #
2 #
3 # Build and Setup nexmon with monitor mode patch
3 # Build and Setup nexmon with monitor mode patch
4 #
4 #
5
5
6 # Load utility functions
6 # Load utility functions
7 . ./functions.sh
7 . ./functions.sh
8
8
9 if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then
9 if [ "$ENABLE_NEXMON" = true ] && [ "$ENABLE_WIRELESS" = true ]; then
10 # Copy existing nexmon sources into chroot directory
10 # Copy existing nexmon sources into chroot directory
11 if [ -n "$NEXMONSRC_DIR" ] && [ -d "$NEXMONSRC_DIR" ] ; then
11 if [ -n "$NEXMONSRC_DIR" ] && [ -d "$NEXMONSRC_DIR" ] ; then
12 # Copy local U-Boot sources
12 # Copy local U-Boot sources
13 cp -r "${NEXMONSRC_DIR}" "${R}/tmp"
13 cp -r "${NEXMONSRC_DIR}" "${R}/tmp"
14 else
14 else
15 # Create temporary directory for nexmon sources
15 # Create temporary directory for nexmon sources
16 temp_dir=$(as_nobody mktemp -d)
16 temp_dir=$(as_nobody mktemp -d)
17
17
18 # Fetch nexmon sources
18 # Fetch nexmon sources
19 as_nobody git -C "${temp_dir}" clone "${NEXMON_URL}"
19 as_nobody git -C "${temp_dir}" clone "${NEXMON_URL}"
20
20
21 # Copy downloaded nexmon sources
21 # Copy downloaded nexmon sources
22 mv "${temp_dir}/nexmon" "${R}"/tmp/
22 mv "${temp_dir}/nexmon" "${R}"/tmp/
23
23
24 # Set permissions of the nexmon sources
24 # Set permissions of the nexmon sources
25 chown -R root:root "${R}"/tmp/nexmon
25 chown -R root:root "${R}"/tmp/nexmon
26
26
27 # Remove temporary directory for nexmon sources
27 # Remove temporary directory for nexmon sources
28 rm -fr "${temp_dir}"
28 rm -fr "${temp_dir}"
29 fi
29 fi
30
30
31 # Set script Root
31 # Set script Root
32 export NEXMON_ROOT="${R}"/tmp/nexmon
32 export NEXMON_ROOT="${R}"/tmp/nexmon
33
33
34 # Build nexmon firmware outside the build system, if we can.
34 # Build nexmon firmware outside the build system, if we can.
35 cd "${NEXMON_ROOT}" || exit
35 cd "${NEXMON_ROOT}" || exit
36
36
37 # Make ancient isl build
37 # Make ancient isl build
38 cd buildtools/isl-0.10 || exit
38 cd buildtools/isl-0.10 || exit
39 ./configure
39 ./configure
40 make
40 make
41 cd ../.. || exit
41 cd ../.. || exit
42
42
43 # Disable statistics
43 # Disable statistics
44 touch DISABLE_STATISTICS
44 touch DISABLE_STATISTICS
45
45
46 # Setup Enviroment: see https://github.com/NoobieDog/nexmon/blob/master/setup_env.sh
46 # Setup Enviroment: see https://github.com/NoobieDog/nexmon/blob/master/setup_env.sh
47 export KERNEL="${KERNEL_IMAGE}"
47 export KERNEL="${KERNEL_IMAGE}"
48 export ARCH=arm
48 export ARCH=arm
49 export SUBARCH=arm
49 export SUBARCH=arm
50 export CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
50 export CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
51 export CC="${CC}"gcc
51 export CC="${CC}"gcc
52 export CCPLUGIN="${NEXMON_ROOT}"/buildtools/gcc-nexmon-plugin/nexmon.so
52 export CCPLUGIN="${NEXMON_ROOT}"/buildtools/gcc-nexmon-plugin/nexmon.so
53 export ZLIBFLATE="zlib-flate -compress"
53 export ZLIBFLATE="zlib-flate -compress"
54 export Q=@
54 export Q=@
55 export NEXMON_SETUP_ENV=1
55 export NEXMON_SETUP_ENV=1
56 export HOSTUNAME=$(uname -s)
56 export HOSTUNAME=$(uname -s)
57 export PLATFORMUNAME=$(uname -m)
57 export PLATFORMUNAME=$(uname -m)
58
58
59 # Make nexmon
59 # Make nexmon
60 make
60 make
61
61
62 # build patches
62 # build patches
63 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] ; then
63 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] ; then
64 cd "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon || exit
64 cd "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon || exit
65 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43430a1/7_45_41_46/nexmon/Makefile
65 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43430a1/7_45_41_46/nexmon/Makefile
66 make clean
66 make clean
67
67
68 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
68 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
69 LD_LIBRARY_PATH="${NEXMON_ROOT}"/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
69 LD_LIBRARY_PATH="${NEXMON_ROOT}"/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
70
70
71 # copy RPi0W & RPi3 firmware
71 # copy RPi0W & RPi3 firmware
72 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.org.bin
72 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.org.bin
73 cp "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.nexmon.bin
73 cp "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.nexmon.bin
74 cp -f "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin
74 cp -f "${NEXMON_ROOT}"/patches/bcm43430a1/7_45_41_46/nexmon/brcmfmac43430-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43430-sdio.bin
75 fi
75 fi
76
76
77 if [ "$RPI_MODEL" = 3P ] ; then
77 if [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
78 cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit
78 cd "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon || exit
79 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile
79 sed -i -e 's/all:.*/all: $(RAM_FILE)/g' ${NEXMON_ROOT}/patches/bcm43455c0/7_45_154/nexmon/Makefile
80 make clean
80 make clean
81
81
82 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
82 # We do this so we don't have to install the ancient isl version into /usr/local/lib on systems.
83 LD_LIBRARY_PATH=${NEXMON_ROOT}/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
83 LD_LIBRARY_PATH=${NEXMON_ROOT}/buildtools/isl-0.10/.libs make ARCH="${KERNEL_ARCH}" CC="${NEXMON_ROOT}"/buildtools/gcc-arm-none-eabi-5_4-2016q2-linux-x86/bin/arm-none-eabi-
84
84
85 # RPi3B+ firmware
85 # RPi3B+ firmware
86 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.org.bin
86 mv "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.org.bin
87 cp "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.nexmon.bin
87 cp "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.nexmon.bin
88 cp -f "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin
88 cp -f "${NEXMON_ROOT}"/patches/bcm43455c0/7_45_154/nexmon/brcmfmac43455-sdio.bin "${WLAN_FIRMWARE_DIR}"/brcmfmac43455-sdio.bin
89 fi
89 fi
90
90
91 #Revert to previous directory
91 #Revert to previous directory
92 cd "${WORKDIR}" || exit
92 cd "${WORKDIR}" || exit
93
93
94 # Remove nexmon sources
94 # Remove nexmon sources
95 rm -fr "${NEXMON_ROOT}"
95 rm -fr "${NEXMON_ROOT}"
96
96
97 fi
97 fi
@@ -1,49 +1,54
1 #
1 #
2 # First boot actions
2 # First boot actions
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 # Prepare rc.firstboot script
8 # Prepare rc.firstboot script
9 cat files/firstboot/10-begin.sh > "${ETC_DIR}/rc.firstboot"
9 cat files/firstboot/10-begin.sh > "${ETC_DIR}/rc.firstboot"
10
10
11 # Ensure openssh server host keys are regenerated on first boot
12 if [ "$ENABLE_SSHD" = true ] ; then
13 cat files/firstboot/21-generate-ssh-keys.sh >> "${ETC_DIR}/rc.firstboot"
14 fi
15
16 # Prepare filesystem auto expand
11 # Prepare filesystem auto expand
17 if [ "$EXPANDROOT" = true ] ; then
12 if [ "$EXPANDROOT" = true ] ; then
18 if [ "$ENABLE_CRYPTFS" = false ] ; then
13 if [ "$ENABLE_CRYPTFS" = false ] ; then
19 cat files/firstboot/22-expandroot.sh >> "${ETC_DIR}/rc.firstboot"
14 cat files/firstboot/20-expandroot.sh >> "${ETC_DIR}/rc.firstboot"
20 else
15 else
21 # Regenerate initramfs to remove encrypted root partition auto expand
16 # Regenerate initramfs to remove encrypted root partition auto expand
22 cat files/firstboot/23-regenerate-initramfs.sh >> "${ETC_DIR}/rc.firstboot"
17 cat files/firstboot/21-regenerate-initramfs.sh >> "${ETC_DIR}/rc.firstboot"
18 fi
19
20 # Restart dphys-swapfile so the size of the swap file is relative to the resized root partition
21 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
22 cat files/firstboot/23-restart-dphys-swapfile.sh >> "${ETC_DIR}/rc.firstboot"
23 fi
23 fi
24 fi
25
26 # Ensure openssh server host keys are regenerated on first boot
27 if [ "$ENABLE_SSHD" = true ] ; then
28 cat files/firstboot/30-generate-ssh-keys.sh >> "${ETC_DIR}/rc.firstboot"
24 fi
29 fi
25
30
26 # Ensure that dbus machine-id exists
31 # Ensure that dbus machine-id exists
27 cat files/firstboot/24-generate-machineid.sh >> "${ETC_DIR}/rc.firstboot"
32 cat files/firstboot/40-generate-machineid.sh >> "${ETC_DIR}/rc.firstboot"
28
33
29 # Create /etc/resolv.conf symlink
34 # Create /etc/resolv.conf symlink
30 cat files/firstboot/25-create-resolv-symlink.sh >> "${ETC_DIR}/rc.firstboot"
35 cat files/firstboot/41-create-resolv-symlink.sh >> "${ETC_DIR}/rc.firstboot"
31
36
32 # Configure automatic network interface names
37 # Configure automatic network interface names
33 if [ "$ENABLE_IFNAMES" = true ] ; then
38 if [ "$ENABLE_IFNAMES" = true ] ; then
34 cat files/firstboot/26-config-ifnames.sh >> "${ETC_DIR}/rc.firstboot"
39 cat files/firstboot/42-config-ifnames.sh >> "${ETC_DIR}/rc.firstboot"
35 fi
40 fi
36
41
37 # Finalize rc.firstboot script
42 # Finalize rc.firstboot script
38 cat files/firstboot/99-finish.sh >> "${ETC_DIR}/rc.firstboot"
43 cat files/firstboot/99-finish.sh >> "${ETC_DIR}/rc.firstboot"
39 chmod +x "${ETC_DIR}/rc.firstboot"
44 chmod +x "${ETC_DIR}/rc.firstboot"
40
45
41 # Install default rc.local if it does not exist
46 # Install default rc.local if it does not exist
42 if [ ! -f "${ETC_DIR}/rc.local" ] ; then
47 if [ ! -f "${ETC_DIR}/rc.local" ] ; then
43 install_exec files/etc/rc.local "${ETC_DIR}/rc.local"
48 install_exec files/etc/rc.local "${ETC_DIR}/rc.local"
44 fi
49 fi
45
50
46 # Add rc.firstboot script to rc.local
51 # Add rc.firstboot script to rc.local
47 sed -i '/exit 0/d' "${ETC_DIR}/rc.local"
52 sed -i '/exit 0/d' "${ETC_DIR}/rc.local"
48 echo /etc/rc.firstboot >> "${ETC_DIR}/rc.local"
53 echo /etc/rc.firstboot >> "${ETC_DIR}/rc.local"
49 echo exit 0 >> "${ETC_DIR}/rc.local"
54 echo exit 0 >> "${ETC_DIR}/rc.local"
1 NO CONTENT: file renamed from files/firstboot/22-expandroot.sh to files/firstboot/20-expandroot.sh
NO CONTENT: file renamed from files/firstboot/22-expandroot.sh to files/firstboot/20-expandroot.sh
1 NO CONTENT: file renamed from files/firstboot/23-regenerate-initramfs.sh to files/firstboot/21-regenerate-initramfs.sh
NO CONTENT: file renamed from files/firstboot/23-regenerate-initramfs.sh to files/firstboot/21-regenerate-initramfs.sh
1 NO CONTENT: file renamed from files/firstboot/21-generate-ssh-keys.sh to files/firstboot/30-generate-ssh-keys.sh
NO CONTENT: file renamed from files/firstboot/21-generate-ssh-keys.sh to files/firstboot/30-generate-ssh-keys.sh
1 NO CONTENT: file renamed from files/firstboot/24-generate-machineid.sh to files/firstboot/40-generate-machineid.sh
NO CONTENT: file renamed from files/firstboot/24-generate-machineid.sh to files/firstboot/40-generate-machineid.sh
1 NO CONTENT: file renamed from files/firstboot/25-create-resolv-symlink.sh to files/firstboot/41-create-resolv-symlink.sh
NO CONTENT: file renamed from files/firstboot/25-create-resolv-symlink.sh to files/firstboot/41-create-resolv-symlink.sh
1 NO CONTENT: file renamed from files/firstboot/26-config-ifnames.sh to files/firstboot/42-config-ifnames.sh
NO CONTENT: file renamed from files/firstboot/26-config-ifnames.sh to files/firstboot/42-config-ifnames.sh
@@ -1,892 +1,895
1 #!/bin/sh
1 #!/bin/sh
2 ########################################################################
2 ########################################################################
3 # rpi23-gen-image.sh 2015-2017
3 # rpi23-gen-image.sh 2015-2017
4 #
4 #
5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
5 # Advanced Debian "stretch" and "buster" bootstrap script for Raspberry Pi
6 #
6 #
7 # This program is free software; you can redistribute it and/or
7 # This program is free software; you can redistribute it and/or
8 # modify it under the terms of the GNU General Public License
8 # modify it under the terms of the GNU General Public License
9 # as published by the Free Software Foundation; either version 2
9 # as published by the Free Software Foundation; either version 2
10 # of the License, or (at your option) any later version.
10 # of the License, or (at your option) any later version.
11 #
11 #
12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
12 # Copyright (C) 2015 Jan Wagner <mail@jwagner.eu>
13 #
13 #
14 # Big thanks for patches and enhancements by 20+ github contributors!
14 # Big thanks for patches and enhancements by 20+ github contributors!
15 ########################################################################
15 ########################################################################
16
16
17 # Are we running as root?
17 # Are we running as root?
18 if [ "$(id -u)" -ne "0" ] ; then
18 if [ "$(id -u)" -ne "0" ] ; then
19 echo "error: this script must be executed with root privileges!"
19 echo "error: this script must be executed with root privileges!"
20 exit 1
20 exit 1
21 fi
21 fi
22
22
23 # Check if ./functions.sh script exists
23 # Check if ./functions.sh script exists
24 if [ ! -r "./functions.sh" ] ; then
24 if [ ! -r "./functions.sh" ] ; then
25 echo "error: './functions.sh' required script not found!"
25 echo "error: './functions.sh' required script not found!"
26 exit 1
26 exit 1
27 fi
27 fi
28
28
29 # Load utility functions
29 # Load utility functions
30 . ./functions.sh
30 . ./functions.sh
31
31
32 # Load parameters from configuration template file
32 # Load parameters from configuration template file
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
33 if [ -n "$CONFIG_TEMPLATE" ] ; then
34 use_template
34 use_template
35 fi
35 fi
36
36
37 # Introduce settings
37 # Introduce settings
38 set -e
38 set -e
39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
39 echo -n -e "\n#\n# RPi 0/1/2/3 Bootstrap Settings\n#\n"
40 set -x
40 set -x
41
41
42 # Raspberry Pi model configuration
42 # Raspberry Pi model configuration
43 RPI_MODEL=${RPI_MODEL:=2}
43 RPI_MODEL=${RPI_MODEL:=2}
44
44
45 # Debian release
45 # Debian release
46 RELEASE=${RELEASE:=buster}
46 RELEASE=${RELEASE:=buster}
47
47
48 # Kernel Branch
48 # Kernel Branch
49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
49 KERNEL_BRANCH=${KERNEL_BRANCH:=""}
50
50
51 # URLs
51 # URLs
52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
52 KERNEL_URL=${KERNEL_URL:=https://github.com/raspberrypi/linux}
53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
53 FIRMWARE_URL=${FIRMWARE_URL:=https://github.com/raspberrypi/firmware/raw/master/boot}
54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
54 WLAN_FIRMWARE_URL=${WLAN_FIRMWARE_URL:=https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm}
55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
55 COLLABORA_URL=${COLLABORA_URL:=https://repositories.collabora.co.uk/debian}
56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
56 FBTURBO_URL=${FBTURBO_URL:=https://github.com/ssvb/xf86-video-fbturbo.git}
57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
57 UBOOT_URL=${UBOOT_URL:=https://git.denx.de/u-boot.git}
58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
58 VIDEOCORE_URL=${VIDEOCORE_URL:=https://github.com/raspberrypi/userland}
59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
59 BLUETOOTH_URL=${BLUETOOTH_URL:=https://github.com/RPi-Distro/pi-bluetooth.git}
60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
60 NEXMON_URL=${NEXMON_URL:=https://github.com/seemoo-lab/nexmon.git}
61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
61 SYSTEMDSWAP_URL=${SYSTEMDSWAP_URL:=https://github.com/Nefelim4ag/systemd-swap.git}
62
62
63 # Kernel deb packages for 32bit kernel
63 # Kernel deb packages for 32bit kernel
64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
64 RPI_32_KERNEL_URL=${RPI_32_KERNEL_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel_20180422-141901_armhf.deb}
65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
65 RPI_32_KERNELHEADER_URL=${RPI_32_KERNELHEADER_URL:=https://github.com/hypriot/rpi-kernel/releases/download/v4.14.34/raspberrypi-kernel-headers_20180422-141901_armhf.deb}
66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
66 # Kernel has KVM and zswap enabled - use if KERNEL_* parameters and precompiled kernel are used
67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
67 RPI3_64_BIS_KERNEL_URL=${RPI3_64_BIS_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel-bis/releases/download/4.14.80.20181113/bcmrpi3-kernel-bis-4.14.80.20181113.tar.xz}
68 # Default precompiled 64bit kernel
68 # Default precompiled 64bit kernel
69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
69 RPI3_64_DEF_KERNEL_URL=${RPI3_64_DEF_KERNEL_URL:=https://github.com/sakaki-/bcmrpi3-kernel/releases/download/4.14.80.20181113/bcmrpi3-kernel-4.14.80.20181113.tar.xz}
70 # Sakaki BIS Kernel RPI4
71 RPI4_64_DEF_KERNEL_URL=https://github.com/sakaki-/bcm2711-kernel-bis/releases/download/4.19.59.20190724/bcm2711-kernel-bis-4.19.59.20190724.tar.xz
70 # Generic
72 # Generic
71 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
73 RPI3_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI3_64_DEF_KERNEL_URL}
74 RPI4_64_KERNEL_URL=${RPI3_64_KERNEL_URL:=$RPI4_64_DEF_KERNEL_URL}
72 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
75 # Kali kernel src - used if ENABLE_NEXMON=true (they patch the wlan kernel modul)
73 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
76 KALI_KERNEL_URL=${KALI_KERNEL_URL:=https://github.com/Re4son/re4son-raspberrypi-linux.git}
74
77
75 # Build directories
78 # Build directories
76 WORKDIR=$(pwd)
79 WORKDIR=$(pwd)
77 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
80 BASEDIR=${BASEDIR:=${WORKDIR}/images/${RELEASE}}
78 BUILDDIR="${BASEDIR}/build"
81 BUILDDIR="${BASEDIR}/build"
79
82
80 # Chroot directories
83 # Chroot directories
81 R="${BUILDDIR}/chroot"
84 R="${BUILDDIR}/chroot"
82 ETC_DIR="${R}/etc"
85 ETC_DIR="${R}/etc"
83 LIB_DIR="${R}/lib"
86 LIB_DIR="${R}/lib"
84 BOOT_DIR="${R}/boot/firmware"
87 BOOT_DIR="${R}/boot/firmware"
85 KERNEL_DIR="${R}/usr/src/linux"
88 KERNEL_DIR="${R}/usr/src/linux"
86 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
89 WLAN_FIRMWARE_DIR="${LIB_DIR}/firmware/brcm"
87 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
90 BLUETOOTH_FIRMWARE_DIR="${ETC_DIR}/firmware/bt"
88
91
89 # Firmware directory: Blank if download from github
92 # Firmware directory: Blank if download from github
90 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
93 RPI_FIRMWARE_DIR=${RPI_FIRMWARE_DIR:=""}
91
94
92 # General settings
95 # General settings
93 SET_ARCH=${SET_ARCH:=32}
96 SET_ARCH=${SET_ARCH:=32}
94 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
97 HOSTNAME=${HOSTNAME:=rpi${RPI_MODEL}-${RELEASE}}
95 PASSWORD=${PASSWORD:=raspberry}
98 PASSWORD=${PASSWORD:=raspberry}
96 USER_PASSWORD=${USER_PASSWORD:=raspberry}
99 USER_PASSWORD=${USER_PASSWORD:=raspberry}
97 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
100 DEFLOCAL=${DEFLOCAL:="en_US.UTF-8"}
98 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
101 TIMEZONE=${TIMEZONE:="Europe/Berlin"}
99 EXPANDROOT=${EXPANDROOT:=true}
102 EXPANDROOT=${EXPANDROOT:=true}
103 ENABLE_DPHYSSWAP=${ENABLE_DPHYSSWAP:=true}
100
104
101 # Keyboard settings
105 # Keyboard settings
102 XKB_MODEL=${XKB_MODEL:=""}
106 XKB_MODEL=${XKB_MODEL:=""}
103 XKB_LAYOUT=${XKB_LAYOUT:=""}
107 XKB_LAYOUT=${XKB_LAYOUT:=""}
104 XKB_VARIANT=${XKB_VARIANT:=""}
108 XKB_VARIANT=${XKB_VARIANT:=""}
105 XKB_OPTIONS=${XKB_OPTIONS:=""}
109 XKB_OPTIONS=${XKB_OPTIONS:=""}
106
110
107 # Network settings (DHCP)
111 # Network settings (DHCP)
108 ENABLE_DHCP=${ENABLE_DHCP:=true}
112 ENABLE_DHCP=${ENABLE_DHCP:=true}
109
113
110 # Network settings (static)
114 # Network settings (static)
111 NET_ADDRESS=${NET_ADDRESS:=""}
115 NET_ADDRESS=${NET_ADDRESS:=""}
112 NET_GATEWAY=${NET_GATEWAY:=""}
116 NET_GATEWAY=${NET_GATEWAY:=""}
113 NET_DNS_1=${NET_DNS_1:=""}
117 NET_DNS_1=${NET_DNS_1:=""}
114 NET_DNS_2=${NET_DNS_2:=""}
118 NET_DNS_2=${NET_DNS_2:=""}
115 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
119 NET_DNS_DOMAINS=${NET_DNS_DOMAINS:=""}
116 NET_NTP_1=${NET_NTP_1:=""}
120 NET_NTP_1=${NET_NTP_1:=""}
117 NET_NTP_2=${NET_NTP_2:=""}
121 NET_NTP_2=${NET_NTP_2:=""}
118
122
119 # APT settings
123 # APT settings
120 APT_PROXY=${APT_PROXY:=""}
124 APT_PROXY=${APT_PROXY:=""}
121 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
125 APT_SERVER=${APT_SERVER:="ftp.debian.org"}
122 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
126 KEEP_APT_PROXY=${KEEP_APT_PROXY:=false}
123
127
124 # Feature settings
128 # Feature settings
125 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
129 ENABLE_PRINTK=${ENABLE_PRINTK:=false}
126 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
130 ENABLE_BLUETOOTH=${ENABLE_BLUETOOTH:=false}
127 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
131 ENABLE_MINIUART_OVERLAY=${ENABLE_MINIUART_OVERLAY:=false}
128 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
132 ENABLE_CONSOLE=${ENABLE_CONSOLE:=true}
129 ENABLE_I2C=${ENABLE_I2C:=false}
133 ENABLE_I2C=${ENABLE_I2C:=false}
130 ENABLE_SPI=${ENABLE_SPI:=false}
134 ENABLE_SPI=${ENABLE_SPI:=false}
131 ENABLE_IPV6=${ENABLE_IPV6:=true}
135 ENABLE_IPV6=${ENABLE_IPV6:=true}
132 ENABLE_SSHD=${ENABLE_SSHD:=true}
136 ENABLE_SSHD=${ENABLE_SSHD:=true}
133 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
137 ENABLE_NONFREE=${ENABLE_NONFREE:=false}
134 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
138 ENABLE_WIRELESS=${ENABLE_WIRELESS:=false}
135 ENABLE_SOUND=${ENABLE_SOUND:=true}
139 ENABLE_SOUND=${ENABLE_SOUND:=true}
136 ENABLE_DBUS=${ENABLE_DBUS:=true}
140 ENABLE_DBUS=${ENABLE_DBUS:=true}
137 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
141 ENABLE_HWRANDOM=${ENABLE_HWRANDOM:=true}
138 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
142 ENABLE_MINGPU=${ENABLE_MINGPU:=false}
139 ENABLE_XORG=${ENABLE_XORG:=false}
143 ENABLE_XORG=${ENABLE_XORG:=false}
140 ENABLE_WM=${ENABLE_WM:=""}
144 ENABLE_WM=${ENABLE_WM:=""}
141 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
145 ENABLE_RSYSLOG=${ENABLE_RSYSLOG:=true}
142 ENABLE_USER=${ENABLE_USER:=true}
146 ENABLE_USER=${ENABLE_USER:=true}
143 USER_NAME=${USER_NAME:="pi"}
147 USER_NAME=${USER_NAME:="pi"}
144 ENABLE_ROOT=${ENABLE_ROOT:=false}
148 ENABLE_ROOT=${ENABLE_ROOT:=false}
145 ENABLE_QEMU=${ENABLE_QEMU:=false}
149 ENABLE_QEMU=${ENABLE_QEMU:=false}
146 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
150 ENABLE_SYSVINIT=${ENABLE_SYSVINIT:=false}
147 ENABLE_KEYGEN=${ENABLE_KEYGEN:=true}
151 ENABLE_KEYGEN=${ENABLE_KEYGEN:=true}
148
152
149 # SSH settings
153 # SSH settings
150 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
154 SSH_ENABLE_ROOT=${SSH_ENABLE_ROOT:=false}
151 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
155 SSH_DISABLE_PASSWORD_AUTH=${SSH_DISABLE_PASSWORD_AUTH:=false}
152 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
156 SSH_LIMIT_USERS=${SSH_LIMIT_USERS:=false}
153 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
157 SSH_ROOT_PUB_KEY=${SSH_ROOT_PUB_KEY:=""}
154 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
158 SSH_USER_PUB_KEY=${SSH_USER_PUB_KEY:=""}
155
159
156 # Advanced settings
160 # Advanced settings
157 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
161 ENABLE_SYSTEMDSWAP=${ENABLE_SYSTEMDSWAP:=false}
158 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
162 ENABLE_MINBASE=${ENABLE_MINBASE:=false}
159 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
163 ENABLE_REDUCE=${ENABLE_REDUCE:=false}
160 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
164 ENABLE_UBOOT=${ENABLE_UBOOT:=false}
161 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
165 UBOOTSRC_DIR=${UBOOTSRC_DIR:=""}
162 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
166 ENABLE_USBBOOT=${ENABLE_USBBOOT=false}
163 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
167 ENABLE_FBTURBO=${ENABLE_FBTURBO:=false}
164 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
168 ENABLE_VIDEOCORE=${ENABLE_VIDEOCORE:=false}
165 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
169 ENABLE_NEXMON=${ENABLE_NEXMON:=false}
166 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
170 VIDEOCORESRC_DIR=${VIDEOCORESRC_DIR:=""}
167 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
171 FBTURBOSRC_DIR=${FBTURBOSRC_DIR:=""}
168 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
172 NEXMONSRC_DIR=${NEXMONSRC_DIR:=""}
169 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
173 ENABLE_HARDNET=${ENABLE_HARDNET:=false}
170 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
174 ENABLE_IPTABLES=${ENABLE_IPTABLES:=false}
171 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
175 ENABLE_SPLITFS=${ENABLE_SPLITFS:=false}
172 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
176 ENABLE_INITRAMFS=${ENABLE_INITRAMFS:=false}
173 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
177 ENABLE_IFNAMES=${ENABLE_IFNAMES:=true}
174 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
178 ENABLE_SPLASH=${ENABLE_SPLASH:=true}
175 ENABLE_LOGO=${ENABLE_LOGO:=true}
179 ENABLE_LOGO=${ENABLE_LOGO:=true}
176 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
180 ENABLE_SILENT_BOOT=${ENABLE_SILENT_BOOT=false}
177 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
181 DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS:=}
178
182
179 # Kernel compilation settings
183 # Kernel compilation settings
180 BUILD_KERNEL=${BUILD_KERNEL:=true}
184 BUILD_KERNEL=${BUILD_KERNEL:=true}
181 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
185 KERNEL_REDUCE=${KERNEL_REDUCE:=false}
182 KERNEL_THREADS=${KERNEL_THREADS:=1}
186 KERNEL_THREADS=${KERNEL_THREADS:=1}
183 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
187 KERNEL_HEADERS=${KERNEL_HEADERS:=true}
184 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
188 KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
185 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
189 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
186 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
190 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
187 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
191 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
188 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
192 KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
189 KERNEL_VIRT=${KERNEL_VIRT:=false}
193 KERNEL_VIRT=${KERNEL_VIRT:=false}
190 KERNEL_BPF=${KERNEL_BPF:=false}
194 KERNEL_BPF=${KERNEL_BPF:=false}
191 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
195 KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=ondemand}
192 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
196 KERNEL_SECURITY=${KERNEL_SECURITY:=false}
193 KERNEL_NF=${KERNEL_NF:=false}
197 KERNEL_NF=${KERNEL_NF:=false}
194
198
195 # Kernel compilation from source directory settings
199 # Kernel compilation from source directory settings
196 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
200 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
197 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
201 KERNELSRC_CLEAN=${KERNELSRC_CLEAN:=false}
198 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
202 KERNELSRC_CONFIG=${KERNELSRC_CONFIG:=true}
199 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
203 KERNELSRC_PREBUILT=${KERNELSRC_PREBUILT:=false}
200
204
201 # Reduce disk usage settings
205 # Reduce disk usage settings
202 REDUCE_APT=${REDUCE_APT:=true}
206 REDUCE_APT=${REDUCE_APT:=true}
203 REDUCE_DOC=${REDUCE_DOC:=true}
207 REDUCE_DOC=${REDUCE_DOC:=true}
204 REDUCE_MAN=${REDUCE_MAN:=true}
208 REDUCE_MAN=${REDUCE_MAN:=true}
205 REDUCE_VIM=${REDUCE_VIM:=false}
209 REDUCE_VIM=${REDUCE_VIM:=false}
206 REDUCE_BASH=${REDUCE_BASH:=false}
210 REDUCE_BASH=${REDUCE_BASH:=false}
207 REDUCE_HWDB=${REDUCE_HWDB:=true}
211 REDUCE_HWDB=${REDUCE_HWDB:=true}
208 REDUCE_SSHD=${REDUCE_SSHD:=true}
212 REDUCE_SSHD=${REDUCE_SSHD:=true}
209 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
213 REDUCE_LOCALE=${REDUCE_LOCALE:=true}
210
214
211 # Encrypted filesystem settings
215 # Encrypted filesystem settings
212 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
216 ENABLE_CRYPTFS=${ENABLE_CRYPTFS:=false}
213 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
217 CRYPTFS_PASSWORD=${CRYPTFS_PASSWORD:=""}
214 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
218 CRYPTFS_MAPPING=${CRYPTFS_MAPPING:="secure"}
215 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
219 CRYPTFS_CIPHER=${CRYPTFS_CIPHER:="aes-xts-plain64:sha512"}
216 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
220 CRYPTFS_XTSKEYSIZE=${CRYPTFS_XTSKEYSIZE:=512}
217 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
221 #Dropbear-initramfs supports unlocking encrypted filesystem via SSH on bootup
218 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
222 CRYPTFS_DROPBEAR=${CRYPTFS_DROPBEAR:=false}
219 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
223 #Provide your own Dropbear Public RSA-OpenSSH Key otherwise it will be generated
220 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
224 CRYPTFS_DROPBEAR_PUBKEY=${CRYPTFS_DROPBEAR_PUBKEY:=""}
221
225
222 # Chroot scripts directory
226 # Chroot scripts directory
223 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
227 CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""}
224
228
225 # Packages required in the chroot build environment
229 # Packages required in the chroot build environment
226 APT_INCLUDES=${APT_INCLUDES:=""}
230 APT_INCLUDES=${APT_INCLUDES:=""}
227 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
231 APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd"
228
232
229 # Packages to exclude from chroot build environment
233 # Packages to exclude from chroot build environment
230 APT_EXCLUDES=${APT_EXCLUDES:=""}
234 APT_EXCLUDES=${APT_EXCLUDES:=""}
231
235
232 # Packages required for bootstrapping
236 # Packages required for bootstrapping
233 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
237 REQUIRED_PACKAGES="debootstrap debian-archive-keyring qemu-user-static binfmt-support dosfstools rsync bmap-tools whois git bc psmisc dbus sudo"
234 #Requierd=netselect-apt
238 #Requierd=netselect-apt
235 MISSING_PACKAGES=""
239 MISSING_PACKAGES=""
236
240
237 # Packages installed for c/c++ build environment in chroot (keep empty)
241 # Packages installed for c/c++ build environment in chroot (keep empty)
238 COMPILER_PACKAGES=""
242 COMPILER_PACKAGES=""
239
243
240 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
244 # Check if apt-cacher-ng has port 3142 open and set APT_PROXY
241 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
245 APT_CACHER_RUNNING=$(lsof -i :3142 | cut -d ' ' -f3 | uniq | sed '/^\s*$/d')
242 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
246 if [ "${APT_CACHER_RUNNING}" = "apt-cacher-ng" ] ; then
243 APT_PROXY=http://127.0.0.1:3142/
247 APT_PROXY=http://127.0.0.1:3142/
244 fi
248 fi
245
249
246 # netselect-apt does not know buster yet
250 # Setup architecture specific settings
247 #if [ "$RELEASE" = "buster" ] ; then
248 # RLS=testing
249 #else
250 # RLS="$RELEASE"
251 #fi
252
253 #if [ -f "$(pwd)/files/apt/sources.list" ] ; then
254 #rm "$(pwd)/files/apt/sources.list"
255 #fi
256
257 #if [ "$ENABLE_NONFREE" = true ] ; then
258 # netselect-apt --arch "$RELEASE_ARCH" -t 3 --sources --nonfree --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
259 #else
260 # netselect-apt --arch "$RELEASE_ARCH" -t 3 --sources --outfile "$(pwd)/files/apt/sources.list" -d "$RLS"
261 #fi
262
263 # sed and cut the result string so we can use it as APT_SERVER
264 #APT_SERVER=$(grep -m 1 http files/apt/sources.list | sed "s|http://| |g" | cut -d ' ' -f 3 | sed 's|/$|''|')
265
266 # make script easier and more stable to use with convenient setup switch. Just setup SET_ARCH and RPI_MODEL and your good to go!
267 if [ -n "$SET_ARCH" ] ; then
251 if [ -n "$SET_ARCH" ] ; then
268 # 64-bit configuration
252 # 64-bit configuration
269 if [ "$SET_ARCH" = 64 ] ; then
253 if [ "$SET_ARCH" = 64 ] ; then
270 # General 64-bit depended settings
254 # General 64-bit depended settings
271 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
255 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-aarch64-static}
272 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
256 KERNEL_ARCH=${KERNEL_ARCH:=arm64}
273 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
257 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="Image"}
274
258
275 # Raspberry Pi model specific settings
259 # Raspberry Pi model specific settings
276 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
260 if [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
277 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
261 if [ "$RPI_MODEL" != 4 ] ; then
278 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
262 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi3_defconfig}
263 else
264 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
265 fi
266
267 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-arm64"
279 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
268 RELEASE_ARCH=${RELEASE_ARCH:=arm64}
280 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
269 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel8.img}
281 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
270 CROSS_COMPILE=${CROSS_COMPILE:=aarch64-linux-gnu-}
282 else
271 else
283 echo "error: Only Raspberry PI 3 and 3B+ support 64-bit"
272 echo "error: Only Raspberry PI 3, 3B+ and 4 support 64-bit"
284 exit 1
273 exit 1
285 fi
274 fi
286 fi
275 fi
287
276
288 # 32-bit configuration
277 # 32-bit configuration
289 if [ "$SET_ARCH" = 32 ] ; then
278 if [ "$SET_ARCH" = 32 ] ; then
290 # General 32-bit dependend settings
279 # General 32-bit dependend settings
291 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
280 QEMU_BINARY=${QEMU_BINARY:=/usr/bin/qemu-arm-static}
292 KERNEL_ARCH=${KERNEL_ARCH:=arm}
281 KERNEL_ARCH=${KERNEL_ARCH:=arm}
293 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
282 KERNEL_BIN_IMAGE=${KERNEL_BIN_IMAGE:="zImage"}
294
283
295 # Raspberry Pi model specific settings
284 # Raspberry Pi model specific settings
296 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
285 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 1P ] ; then
297 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
286 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armel"
298 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
287 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcmrpi_defconfig}
299 RELEASE_ARCH=${RELEASE_ARCH:=armel}
288 RELEASE_ARCH=${RELEASE_ARCH:=armel}
300 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
289 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel.img}
301 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
290 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabi-}
302 fi
291 fi
303
292
304 # Raspberry Pi model specific settings
293 # Raspberry Pi model specific settings
305 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
294 if [ "$RPI_MODEL" = 2 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
306 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
295 if [ "$RPI_MODEL" != 4 ] ; then
307 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
296 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2709_defconfig}
297 else
298 KERNEL_DEFCONFIG=${KERNEL_DEFCONFIG:=bcm2711_defconfig}
299 fi
300
301 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} crossbuild-essential-armhf"
308 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
302 RELEASE_ARCH=${RELEASE_ARCH:=armhf}
309 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
303 KERNEL_IMAGE=${KERNEL_IMAGE:=kernel7.img}
310 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
304 CROSS_COMPILE=${CROSS_COMPILE:=arm-linux-gnueabihf-}
311 fi
305 fi
312 fi
306 fi
313 # SET_ARCH not set
307 # SET_ARCH not set
314 else
308 else
315 echo "error: Please set '32' or '64' as value for SET_ARCH"
309 echo "error: Please set '32' or '64' as value for SET_ARCH"
316 exit 1
310 exit 1
317 fi
311 fi
318 # Device specific configuration and U-Boot configuration
312 # Device specific configuration and U-Boot configuration
319 case "$RPI_MODEL" in
313 case "$RPI_MODEL" in
320 0)
314 0)
321 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
315 DTB_FILE=${DTB_FILE:=bcm2708-rpi-0-w.dtb}
322 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
316 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
323 ;;
317 ;;
324 1)
318 1)
325 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
319 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b.dtb}
326 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
320 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
327 ;;
321 ;;
328 1P)
322 1P)
329 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
323 DTB_FILE=${DTB_FILE:=bcm2708-rpi-b-plus.dtb}
330 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
324 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_defconfig}
331 ;;
325 ;;
332 2)
326 2)
333 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
327 DTB_FILE=${DTB_FILE:=bcm2709-rpi-2-b.dtb}
334 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
328 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_2_defconfig}
335 ;;
329 ;;
336 3)
330 3)
337 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
331 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
338 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
332 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
339 ;;
333 ;;
340 3P)
334 3P)
341 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
335 DTB_FILE=${DTB_FILE:=bcm2710-rpi-3-b.dtb}
342 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
336 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_3_defconfig}
343 ;;
337 ;;
338 4)
339 DTB_FILE=${DTB_FILE:=bcm2711-rpi-4-b.dtb}
340 UBOOT_CONFIG=${UBOOT_CONFIG:=rpi_4_defconfig}
341 ;;
344 *)
342 *)
345 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
343 echo "error: Raspberry Pi model $RPI_MODEL is not supported!"
346 exit 1
344 exit 1
347 ;;
345 ;;
348 esac
346 esac
349
347
350 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
348 # Raspberry PI 0,3,3P with Bluetooth and Wifi onboard
351 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; then
349 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] || [ "$RPI_MODEL" = 4 ] ; then
352 # Include bluetooth packages on supported boards
350 # Include bluetooth packages on supported boards
353 if [ "$ENABLE_BLUETOOTH" = true ] ; then
351 if [ "$ENABLE_BLUETOOTH" = true ] ; then
354 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
352 APT_INCLUDES="${APT_INCLUDES},bluetooth,bluez"
355 fi
353 fi
356 if [ "$ENABLE_WIRELESS" = true ] ; then
354 if [ "$ENABLE_WIRELESS" = true ] ; then
357 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb,firmware-brcm80211"
355 APT_INCLUDES="${APT_INCLUDES},wireless-tools,crda,wireless-regdb"
358 fi
356 fi
359 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
357 else # Raspberry PI 1,1P,2 without Wifi and bluetooth onboard
360 # Check if the internal wireless interface is not supported by the RPi model
358 # Check if the internal wireless interface is not supported by the RPi model
361 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
359 if [ "$ENABLE_WIRELESS" = true ] || [ "$ENABLE_BLUETOOTH" = true ]; then
362 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
360 echo "error: The selected Raspberry Pi model has no integrated interface for wireless or bluetooth"
363 exit 1
361 exit 1
364 fi
362 fi
365 fi
363 fi
366
364
367 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
365 if [ "$BUILD_KERNEL" = false ] && [ "$ENABLE_NEXMON" = true ]; then
368 echo "error: You have to compile kernel sources, if you want to enable nexmon"
366 echo "error: You have to compile kernel sources, if you want to enable nexmon"
369 exit 1
367 exit 1
370 fi
368 fi
371
369
372 # Prepare date string for default image file name
370 # Prepare date string for default image file name
373 DATE="$(date +%Y-%m-%d)"
371 DATE="$(date +%Y-%m-%d)"
374 if [ -z "$KERNEL_BRANCH" ] ; then
372 if [ -z "$KERNEL_BRANCH" ] ; then
375 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
373 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
376 else
374 else
377 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
375 IMAGE_NAME=${IMAGE_NAME:=${BASEDIR}/${DATE}-${KERNEL_ARCH}-${KERNEL_BRANCH}-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
378 fi
376 fi
379
377
380 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
378 # Check if DISABLE_UNDERVOLT_WARNINGS parameter value is supported
381 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
379 if [ -n "$DISABLE_UNDERVOLT_WARNINGS" ] ; then
382 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
380 if [ "$DISABLE_UNDERVOLT_WARNINGS" != 1 ] && [ "$DISABLE_UNDERVOLT_WARNINGS" != 2 ] ; then
383 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
381 echo "error: DISABLE_UNDERVOLT_WARNINGS=${DISABLE_UNDERVOLT_WARNINGS} is not supported"
384 exit 1
382 exit 1
385 fi
383 fi
386 fi
384 fi
387
385
388 set +x
386 set +x
389
387
390 # Add cmake to compile videocore sources
388 # Add cmake to compile videocore sources
391 if [ "$ENABLE_KEYGEN" = true ] ; then
389 if [ "$ENABLE_KEYGEN" = true ] ; then
392 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} perl"
390 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} perl"
393 fi
391 fi
394
392
395 # Add cmake to compile videocore sources
393 # Add cmake to compile videocore sources
396 if [ "$ENABLE_VIDEOCORE" = true ] ; then
394 if [ "$ENABLE_VIDEOCORE" = true ] ; then
397 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
395 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cmake"
398 fi
396 fi
399
397
400 # Add deps for nexmon
398 # Add deps for nexmon
401 if [ "$ENABLE_NEXMON" = true ] ; then
399 if [ "$ENABLE_NEXMON" = true ] ; then
402 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
400 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libgmp3-dev gawk qpdf bison flex make autoconf automake build-essential libtool"
403 fi
401 fi
404
402
405 # Add libncurses5 to enable kernel menuconfig
403 # Add libncurses5 to enable kernel menuconfig
406 if [ "$KERNEL_MENUCONFIG" = true ] ; then
404 if [ "$KERNEL_MENUCONFIG" = true ] ; then
407 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
405 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} libncurses-dev"
408 fi
406 fi
409
407
410 # Add ccache compiler cache for (faster) kernel cross (re)compilation
408 # Add ccache compiler cache for (faster) kernel cross (re)compilation
411 if [ "$KERNEL_CCACHE" = true ] ; then
409 if [ "$KERNEL_CCACHE" = true ] ; then
412 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
410 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} ccache"
413 fi
411 fi
414
412
415 # Add cryptsetup package to enable filesystem encryption
413 # Add cryptsetup package to enable filesystem encryption
416 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
414 if [ "$ENABLE_CRYPTFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
417 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
415 REQUIRED_PACKAGES="${REQUIRED_PACKAGES} cryptsetup"
418 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
416 APT_INCLUDES="${APT_INCLUDES},cryptsetup,busybox,console-setup"
419
417
420 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
418 # If cryptfs,dropbear and initramfs are enabled include dropbear-initramfs package
421 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
419 if [ "$CRYPTFS_DROPBEAR" = true ] && [ "$ENABLE_INITRAMFS" = true ]; then
422 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
420 APT_INCLUDES="${APT_INCLUDES},dropbear-initramfs"
423 fi
421 fi
424
422
425 if [ -z "$CRYPTFS_PASSWORD" ] ; then
423 if [ -z "$CRYPTFS_PASSWORD" ] ; then
426 echo "error: no password defined (CRYPTFS_PASSWORD)!"
424 echo "error: no password defined (CRYPTFS_PASSWORD)!"
427 exit 1
425 exit 1
428 fi
426 fi
429 ENABLE_INITRAMFS=true
427 ENABLE_INITRAMFS=true
430 fi
428 fi
431
429
432 # Add initramfs generation tools
430 # Add initramfs generation tools
433 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
431 if [ "$ENABLE_INITRAMFS" = true ] && [ "$BUILD_KERNEL" = true ] ; then
434 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
432 APT_INCLUDES="${APT_INCLUDES},initramfs-tools"
435 fi
433 fi
436
434
437 # Add device-tree-compiler required for building the U-Boot bootloader
435 # Add device-tree-compiler required for building the U-Boot bootloader
438 if [ "$ENABLE_UBOOT" = true ] ; then
436 if [ "$ENABLE_UBOOT" = true ] ; then
439 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
437 APT_INCLUDES="${APT_INCLUDES},device-tree-compiler,bison,flex,bc"
440 fi
438 fi
441
439
442 if [ "$ENABLE_USBBOOT" = true ] ; then
440 if [ "$ENABLE_USBBOOT" = true ] ; then
443 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
441 if [ "$RPI_MODEL" = 0 ] || [ "$RPI_MODEL" = 1P ] || [ "$RPI_MODEL" = 1 ] || [ "$RPI_MODEL" = 2 ]; then
444 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
442 echo "error: Booting from USB alone is only supported by Raspberry Pi 3 and 3P"
445 exit 1
443 exit 1
446 fi
444 fi
447 fi
445 fi
448
446
449 # Check if root SSH (v2) public key file exists
447 # Check if root SSH (v2) public key file exists
450 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
448 if [ -n "$SSH_ROOT_PUB_KEY" ] ; then
451 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
449 if [ ! -f "$SSH_ROOT_PUB_KEY" ] ; then
452 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
450 echo "error: '$SSH_ROOT_PUB_KEY' specified SSH public key file not found (SSH_ROOT_PUB_KEY)!"
453 exit 1
451 exit 1
454 fi
452 fi
455 fi
453 fi
456
454
457 # Check if $USER_NAME SSH (v2) public key file exists
455 # Check if $USER_NAME SSH (v2) public key file exists
458 if [ -n "$SSH_USER_PUB_KEY" ] ; then
456 if [ -n "$SSH_USER_PUB_KEY" ] ; then
459 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
457 if [ ! -f "$SSH_USER_PUB_KEY" ] ; then
460 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
458 echo "error: '$SSH_USER_PUB_KEY' specified SSH public key file not found (SSH_USER_PUB_KEY)!"
461 exit 1
459 exit 1
462 fi
460 fi
463 fi
461 fi
464
462
465 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
463 if [ "$ENABLE_NEXMON" = true ] && [ -n "$KERNEL_BRANCH" ] ; then
466 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
464 echo "error: Please unset KERNEL_BRANCH if using ENABLE_NEXMON"
467 exit 1
465 exit 1
468 fi
466 fi
469
467
470 # Check if all required packages are installed on the build system
468 # Check if all required packages are installed on the build system
471 for package in $REQUIRED_PACKAGES ; do
469 for package in $REQUIRED_PACKAGES ; do
472 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
470 if [ "$(dpkg-query -W -f='${Status}' "$package")" != "install ok installed" ] ; then
473 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
471 MISSING_PACKAGES="${MISSING_PACKAGES} $package"
474 fi
472 fi
475 done
473 done
476
474
477 # If there are missing packages ask confirmation for install, or exit
475 # If there are missing packages ask confirmation for install, or exit
478 if [ -n "$MISSING_PACKAGES" ] ; then
476 if [ -n "$MISSING_PACKAGES" ] ; then
479 echo "the following packages needed by this script are not installed:"
477 echo "the following packages needed by this script are not installed:"
480 echo "$MISSING_PACKAGES"
478 echo "$MISSING_PACKAGES"
481
479
482 printf "\ndo you want to install the missing packages right now? [y/n] "
480 printf "\ndo you want to install the missing packages right now? [y/n] "
483 read -r confirm
481 read -r confirm
484 [ "$confirm" != "y" ] && exit 1
482 [ "$confirm" != "y" ] && exit 1
485
483
486 # Make sure all missing required packages are installed
484 # Make sure all missing required packages are installed
487 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
485 apt-get -qq -y install `echo "${MISSING_PACKAGES}" | sed "s/ //"`
488 fi
486 fi
489
487
490 # Check if ./bootstrap.d directory exists
488 # Check if ./bootstrap.d directory exists
491 if [ ! -d "./bootstrap.d/" ] ; then
489 if [ ! -d "./bootstrap.d/" ] ; then
492 echo "error: './bootstrap.d' required directory not found!"
490 echo "error: './bootstrap.d' required directory not found!"
493 exit 1
491 exit 1
494 fi
492 fi
495
493
496 # Check if ./files directory exists
494 # Check if ./files directory exists
497 if [ ! -d "./files/" ] ; then
495 if [ ! -d "./files/" ] ; then
498 echo "error: './files' required directory not found!"
496 echo "error: './files' required directory not found!"
499 exit 1
497 exit 1
500 fi
498 fi
501
499
502 # Check if specified KERNELSRC_DIR directory exists
500 # Check if specified KERNELSRC_DIR directory exists
503 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
501 if [ -n "$KERNELSRC_DIR" ] && [ ! -d "$KERNELSRC_DIR" ] ; then
504 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
502 echo "error: '${KERNELSRC_DIR}' specified directory not found (KERNELSRC_DIR)!"
505 exit 1
503 exit 1
506 fi
504 fi
507
505
508 # Check if specified UBOOTSRC_DIR directory exists
506 # Check if specified UBOOTSRC_DIR directory exists
509 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
507 if [ -n "$UBOOTSRC_DIR" ] && [ ! -d "$UBOOTSRC_DIR" ] ; then
510 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
508 echo "error: '${UBOOTSRC_DIR}' specified directory not found (UBOOTSRC_DIR)!"
511 exit 1
509 exit 1
512 fi
510 fi
513
511
514 # Check if specified VIDEOCORESRC_DIR directory exists
512 # Check if specified VIDEOCORESRC_DIR directory exists
515 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
513 if [ -n "$VIDEOCORESRC_DIR" ] && [ ! -d "$VIDEOCORESRC_DIR" ] ; then
516 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
514 echo "error: '${VIDEOCORESRC_DIR}' specified directory not found (VIDEOCORESRC_DIR)!"
517 exit 1
515 exit 1
518 fi
516 fi
519
517
520 # Check if specified FBTURBOSRC_DIR directory exists
518 # Check if specified FBTURBOSRC_DIR directory exists
521 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
519 if [ -n "$FBTURBOSRC_DIR" ] && [ ! -d "$FBTURBOSRC_DIR" ] ; then
522 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
520 echo "error: '${FBTURBOSRC_DIR}' specified directory not found (FBTURBOSRC_DIR)!"
523 exit 1
521 exit 1
524 fi
522 fi
525
523
526 # Check if specified NEXMONSRC_DIR directory exists
524 # Check if specified NEXMONSRC_DIR directory exists
527 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
525 if [ -n "$NEXMONSRC_DIR" ] && [ ! -d "$NEXMONSRC_DIR" ] ; then
528 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
526 echo "error: '${NEXMONSRC_DIR}' specified directory not found (NEXMONSRC_DIR)!"
529 exit 1
527 exit 1
530 fi
528 fi
531
529
532 # Check if specified CHROOT_SCRIPTS directory exists
530 # Check if specified CHROOT_SCRIPTS directory exists
533 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
531 if [ -n "$CHROOT_SCRIPTS" ] && [ ! -d "$CHROOT_SCRIPTS" ] ; then
534 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
532 echo "error: ${CHROOT_SCRIPTS} specified directory not found (CHROOT_SCRIPTS)!"
535 exit 1
533 exit 1
536 fi
534 fi
537
535
538 # Check if specified device mapping already exists (will be used by cryptsetup)
536 # Check if specified device mapping already exists (will be used by cryptsetup)
539 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
537 if [ -r "/dev/mapping/${CRYPTFS_MAPPING}" ] ; then
540 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
538 echo "error: mapping /dev/mapping/${CRYPTFS_MAPPING} already exists, not proceeding"
541 exit 1
539 exit 1
542 fi
540 fi
543
541
544 # Don't clobber an old build
542 # Don't clobber an old build
545 if [ -e "$BUILDDIR" ] ; then
543 if [ -e "$BUILDDIR" ] ; then
546 echo "error: directory ${BUILDDIR} already exists, not proceeding"
544 echo "error: directory ${BUILDDIR} already exists, not proceeding"
547 exit 1
545 exit 1
548 fi
546 fi
549
547
550 # Setup chroot directory
548 # Setup chroot directory
551 mkdir -p "${R}"
549 mkdir -p "${R}"
552
550
553 # Check if build directory has enough of free disk space >512MB
551 # Check if build directory has enough of free disk space >512MB
554 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
552 if [ "$(df --output=avail "${BUILDDIR}" | sed "1d")" -le "524288" ] ; then
555 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
553 echo "error: ${BUILDDIR} not enough space left to generate the output image!"
556 exit 1
554 exit 1
557 fi
555 fi
558
556
559 set -x
557 set -x
560
558
561 # Call "cleanup" function on various signals and errors
559 # Call "cleanup" function on various signals and errors
562 trap cleanup 0 1 2 3 6
560 trap cleanup 0 1 2 3 6
563
561
564 # Add required packages for the minbase installation
562 # Add required packages for the minbase installation
565 if [ "$ENABLE_MINBASE" = true ] ; then
563 if [ "$ENABLE_MINBASE" = true ] ; then
566 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
564 APT_INCLUDES="${APT_INCLUDES},vim-tiny,netbase,net-tools,ifupdown"
567 fi
565 fi
568
566
569 # Add parted package, required to get partprobe utility
567 # Add parted package, required to get partprobe utility
570 if [ "$EXPANDROOT" = true ] ; then
568 if [ "$EXPANDROOT" = true ] ; then
571 APT_INCLUDES="${APT_INCLUDES},parted"
569 APT_INCLUDES="${APT_INCLUDES},parted"
572 fi
570 fi
573
571
572 # Add dphys-swapfile package, required to enable swap
573 if [ "$ENABLE_DPHYSSWAP" = true ] ; then
574 APT_INCLUDES="${APT_INCLUDES},dphys-swapfile"
575 fi
576
574 # Add dbus package, recommended if using systemd
577 # Add dbus package, recommended if using systemd
575 if [ "$ENABLE_DBUS" = true ] ; then
578 if [ "$ENABLE_DBUS" = true ] ; then
576 APT_INCLUDES="${APT_INCLUDES},dbus"
579 APT_INCLUDES="${APT_INCLUDES},dbus"
577 fi
580 fi
578
581
579 # Add iptables IPv4/IPv6 package
582 # Add iptables IPv4/IPv6 package
580 if [ "$ENABLE_IPTABLES" = true ] ; then
583 if [ "$ENABLE_IPTABLES" = true ] ; then
581 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
584 APT_INCLUDES="${APT_INCLUDES},iptables,iptables-persistent"
582 fi
585 fi
583 # Add apparmor for KERNEL_SECURITY
586 # Add apparmor for KERNEL_SECURITY
584 if [ "$KERNEL_SECURITY" = true ] ; then
587 if [ "$KERNEL_SECURITY" = true ] ; then
585 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
588 APT_INCLUDES="${APT_INCLUDES},apparmor,apparmor-utils,apparmor-profiles,apparmor-profiles-extra,libapparmor-perl"
586 fi
589 fi
587
590
588 # Add openssh server package
591 # Add openssh server package
589 if [ "$ENABLE_SSHD" = true ] ; then
592 if [ "$ENABLE_SSHD" = true ] ; then
590 APT_INCLUDES="${APT_INCLUDES},openssh-server"
593 APT_INCLUDES="${APT_INCLUDES},openssh-server"
591 fi
594 fi
592
595
593 # Add alsa-utils package
596 # Add alsa-utils package
594 if [ "$ENABLE_SOUND" = true ] ; then
597 if [ "$ENABLE_SOUND" = true ] ; then
595 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
598 APT_INCLUDES="${APT_INCLUDES},alsa-utils"
596 fi
599 fi
597
600
598 # Add rng-tools package
601 # Add rng-tools package
599 if [ "$ENABLE_HWRANDOM" = true ] ; then
602 if [ "$ENABLE_HWRANDOM" = true ] ; then
600 APT_INCLUDES="${APT_INCLUDES},rng-tools"
603 APT_INCLUDES="${APT_INCLUDES},rng-tools"
601 fi
604 fi
602
605
603 # Add fbturbo video driver
606 # Add fbturbo video driver
604 if [ "$ENABLE_FBTURBO" = true ] ; then
607 if [ "$ENABLE_FBTURBO" = true ] ; then
605 # Enable xorg package dependencies
608 # Enable xorg package dependencies
606 ENABLE_XORG=true
609 ENABLE_XORG=true
607 fi
610 fi
608
611
609 # Add user defined window manager package
612 # Add user defined window manager package
610 if [ -n "$ENABLE_WM" ] ; then
613 if [ -n "$ENABLE_WM" ] ; then
611 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
614 APT_INCLUDES="${APT_INCLUDES},${ENABLE_WM}"
612
615
613 # Enable xorg package dependencies
616 # Enable xorg package dependencies
614 ENABLE_XORG=true
617 ENABLE_XORG=true
615 fi
618 fi
616
619
617 # Add xorg package
620 # Add xorg package
618 if [ "$ENABLE_XORG" = true ] ; then
621 if [ "$ENABLE_XORG" = true ] ; then
619 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
622 APT_INCLUDES="${APT_INCLUDES},xorg,dbus-x11"
620 fi
623 fi
621
624
622 # Replace selected packages with smaller clones
625 # Replace selected packages with smaller clones
623 if [ "$ENABLE_REDUCE" = true ] ; then
626 if [ "$ENABLE_REDUCE" = true ] ; then
624 # Add levee package instead of vim-tiny
627 # Add levee package instead of vim-tiny
625 if [ "$REDUCE_VIM" = true ] ; then
628 if [ "$REDUCE_VIM" = true ] ; then
626 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
629 APT_INCLUDES="$(echo ${APT_INCLUDES} | sed "s/vim-tiny/levee/")"
627 fi
630 fi
628
631
629 # Add dropbear package instead of openssh-server
632 # Add dropbear package instead of openssh-server
630 if [ "$REDUCE_SSHD" = true ] ; then
633 if [ "$REDUCE_SSHD" = true ] ; then
631 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
634 APT_INCLUDES="$(echo "${APT_INCLUDES}" | sed "s/openssh-server/dropbear/")"
632 fi
635 fi
633 fi
636 fi
634
637
635 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
638 # Configure systemd-sysv exclude to make halt/reboot/shutdown scripts available
636 if [ "$ENABLE_SYSVINIT" = false ] ; then
639 if [ "$ENABLE_SYSVINIT" = false ] ; then
637 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
640 APT_EXCLUDES="--exclude=${APT_EXCLUDES},init,systemd-sysv"
638 fi
641 fi
639
642
640 # Configure kernel sources if no KERNELSRC_DIR
643 # Configure kernel sources if no KERNELSRC_DIR
641 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
644 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
642 KERNELSRC_CONFIG=true
645 KERNELSRC_CONFIG=true
643 fi
646 fi
644
647
645 # Configure reduced kernel
648 # Configure reduced kernel
646 if [ "$KERNEL_REDUCE" = true ] ; then
649 if [ "$KERNEL_REDUCE" = true ] ; then
647 KERNELSRC_CONFIG=false
650 KERNELSRC_CONFIG=false
648 fi
651 fi
649
652
650 # Configure qemu compatible kernel
653 # Configure qemu compatible kernel
651 if [ "$ENABLE_QEMU" = true ] ; then
654 if [ "$ENABLE_QEMU" = true ] ; then
652 DTB_FILE=vexpress-v2p-ca15_a7.dtb
655 DTB_FILE=vexpress-v2p-ca15_a7.dtb
653 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
656 UBOOT_CONFIG=vexpress_ca15_tc2_defconfig
654 KERNEL_DEFCONFIG="vexpress_defconfig"
657 KERNEL_DEFCONFIG="vexpress_defconfig"
655 if [ "$KERNEL_MENUCONFIG" = false ] ; then
658 if [ "$KERNEL_MENUCONFIG" = false ] ; then
656 KERNEL_OLDDEFCONFIG=true
659 KERNEL_OLDDEFCONFIG=true
657 fi
660 fi
658 fi
661 fi
659
662
660 # Execute bootstrap scripts
663 # Execute bootstrap scripts
661 for SCRIPT in bootstrap.d/*.sh; do
664 for SCRIPT in bootstrap.d/*.sh; do
662 head -n 3 "$SCRIPT"
665 head -n 3 "$SCRIPT"
663 . "$SCRIPT"
666 . "$SCRIPT"
664 done
667 done
665
668
666 ## Execute custom bootstrap scripts
669 ## Execute custom bootstrap scripts
667 if [ -d "custom.d" ] ; then
670 if [ -d "custom.d" ] ; then
668 for SCRIPT in custom.d/*.sh; do
671 for SCRIPT in custom.d/*.sh; do
669 . "$SCRIPT"
672 . "$SCRIPT"
670 done
673 done
671 fi
674 fi
672
675
673 # Execute custom scripts inside the chroot
676 # Execute custom scripts inside the chroot
674 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
677 if [ -n "$CHROOT_SCRIPTS" ] && [ -d "$CHROOT_SCRIPTS" ] ; then
675 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
678 cp -r "${CHROOT_SCRIPTS}" "${R}/chroot_scripts"
676 chroot_exec /bin/bash -x <<'EOF'
679 chroot_exec /bin/bash -x <<'EOF'
677 for SCRIPT in /chroot_scripts/* ; do
680 for SCRIPT in /chroot_scripts/* ; do
678 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
681 if [ -f $SCRIPT -a -x $SCRIPT ] ; then
679 $SCRIPT
682 $SCRIPT
680 fi
683 fi
681 done
684 done
682 EOF
685 EOF
683 rm -rf "${R}/chroot_scripts"
686 rm -rf "${R}/chroot_scripts"
684 fi
687 fi
685
688
686 # Remove c/c++ build environment from the chroot
689 # Remove c/c++ build environment from the chroot
687 chroot_remove_cc
690 chroot_remove_cc
688
691
689 # Generate required machine-id
692 # Generate required machine-id
690 MACHINE_ID=$(dbus-uuidgen)
693 MACHINE_ID=$(dbus-uuidgen)
691 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
694 echo -n "${MACHINE_ID}" > "${R}/var/lib/dbus/machine-id"
692 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
695 echo -n "${MACHINE_ID}" > "${ETC_DIR}/machine-id"
693
696
694 # APT Cleanup
697 # APT Cleanup
695 chroot_exec apt-get -y clean
698 chroot_exec apt-get -y clean
696 chroot_exec apt-get -y autoclean
699 chroot_exec apt-get -y autoclean
697 chroot_exec apt-get -y autoremove
700 chroot_exec apt-get -y autoremove
698
701
699 # Unmount mounted filesystems
702 # Unmount mounted filesystems
700 umount -l "${R}/proc"
703 umount -l "${R}/proc"
701 umount -l "${R}/sys"
704 umount -l "${R}/sys"
702
705
703 # Clean up directories
706 # Clean up directories
704 rm -rf "${R}/run/*"
707 rm -rf "${R}/run/*"
705 rm -rf "${R}/tmp/*"
708 rm -rf "${R}/tmp/*"
706
709
707 # Clean up APT proxy settings
710 # Clean up APT proxy settings
708 if [ "$KEEP_APT_PROXY" = false ] ; then
711 if [ "$KEEP_APT_PROXY" = false ] ; then
709 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
712 rm -f "${ETC_DIR}/apt/apt.conf.d/10proxy"
710 fi
713 fi
711
714
712 # Clean up files
715 # Clean up files
713 rm -f "${ETC_DIR}/ssh/ssh_host_*"
716 rm -f "${ETC_DIR}/ssh/ssh_host_*"
714 rm -f "${ETC_DIR}/dropbear/dropbear_*"
717 rm -f "${ETC_DIR}/dropbear/dropbear_*"
715 rm -f "${ETC_DIR}/apt/sources.list.save"
718 rm -f "${ETC_DIR}/apt/sources.list.save"
716 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
719 rm -f "${ETC_DIR}/resolvconf/resolv.conf.d/original"
717 rm -f "${ETC_DIR}/*-"
720 rm -f "${ETC_DIR}/*-"
718 rm -f "${ETC_DIR}/resolv.conf"
721 rm -f "${ETC_DIR}/resolv.conf"
719 rm -f "${R}/root/.bash_history"
722 rm -f "${R}/root/.bash_history"
720 rm -f "${R}/var/lib/urandom/random-seed"
723 rm -f "${R}/var/lib/urandom/random-seed"
721 rm -f "${R}/initrd.img"
724 rm -f "${R}/initrd.img"
722 rm -f "${R}/vmlinuz"
725 rm -f "${R}/vmlinuz"
723 rm -f "${R}${QEMU_BINARY}"
726 rm -f "${R}${QEMU_BINARY}"
724
727
725 if [ "$ENABLE_QEMU" = true ] ; then
728 if [ "$ENABLE_QEMU" = true ] ; then
726 # Setup QEMU directory
729 # Setup QEMU directory
727 mkdir "${BASEDIR}/qemu"
730 mkdir "${BASEDIR}/qemu"
728
731
729 # Copy kernel image to QEMU directory
732 # Copy kernel image to QEMU directory
730 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
733 install_readonly "${BOOT_DIR}/${KERNEL_IMAGE}" "${BASEDIR}/qemu/${KERNEL_IMAGE}"
731
734
732 # Copy kernel config to QEMU directory
735 # Copy kernel config to QEMU directory
733 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
736 install_readonly "${R}/boot/config-${KERNEL_VERSION}" "${BASEDIR}/qemu/config-${KERNEL_VERSION}"
734
737
735 # Copy kernel dtbs to QEMU directory
738 # Copy kernel dtbs to QEMU directory
736 for dtb in "${BOOT_DIR}/"*.dtb ; do
739 for dtb in "${BOOT_DIR}/"*.dtb ; do
737 if [ -f "${dtb}" ] ; then
740 if [ -f "${dtb}" ] ; then
738 install_readonly "${dtb}" "${BASEDIR}/qemu/"
741 install_readonly "${dtb}" "${BASEDIR}/qemu/"
739 fi
742 fi
740 done
743 done
741
744
742 # Copy kernel overlays to QEMU directory
745 # Copy kernel overlays to QEMU directory
743 if [ -d "${BOOT_DIR}/overlays" ] ; then
746 if [ -d "${BOOT_DIR}/overlays" ] ; then
744 # Setup overlays dtbs directory
747 # Setup overlays dtbs directory
745 mkdir "${BASEDIR}/qemu/overlays"
748 mkdir "${BASEDIR}/qemu/overlays"
746
749
747 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
750 for dtb in "${BOOT_DIR}/overlays/"*.dtbo ; do
748 if [ -f "${dtb}" ] ; then
751 if [ -f "${dtb}" ] ; then
749 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
752 install_readonly "${dtb}" "${BASEDIR}/qemu/overlays/"
750 fi
753 fi
751 done
754 done
752 fi
755 fi
753
756
754 # Copy u-boot files to QEMU directory
757 # Copy u-boot files to QEMU directory
755 if [ "$ENABLE_UBOOT" = true ] ; then
758 if [ "$ENABLE_UBOOT" = true ] ; then
756 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
759 if [ -f "${BOOT_DIR}/u-boot.bin" ] ; then
757 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
760 install_readonly "${BOOT_DIR}/u-boot.bin" "${BASEDIR}/qemu/u-boot.bin"
758 fi
761 fi
759 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
762 if [ -f "${BOOT_DIR}/uboot.mkimage" ] ; then
760 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
763 install_readonly "${BOOT_DIR}/uboot.mkimage" "${BASEDIR}/qemu/uboot.mkimage"
761 fi
764 fi
762 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
765 if [ -f "${BOOT_DIR}/boot.scr" ] ; then
763 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
766 install_readonly "${BOOT_DIR}/boot.scr" "${BASEDIR}/qemu/boot.scr"
764 fi
767 fi
765 fi
768 fi
766
769
767 # Copy initramfs to QEMU directory
770 # Copy initramfs to QEMU directory
768 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
771 if [ -f "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" ] ; then
769 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
772 install_readonly "${BOOT_DIR}/initramfs-${KERNEL_VERSION}" "${BASEDIR}/qemu/initramfs-${KERNEL_VERSION}"
770 fi
773 fi
771 fi
774 fi
772
775
773 # Calculate size of the chroot directory in KB
776 # Calculate size of the chroot directory in KB
774 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
777 CHROOT_SIZE=$(expr "$(du -s "${R}" | awk '{ print $1 }')")
775
778
776 # Calculate the amount of needed 512 Byte sectors
779 # Calculate the amount of needed 512 Byte sectors
777 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
780 TABLE_SECTORS=$(expr 1 \* 1024 \* 1024 \/ 512)
778 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
781 FRMW_SECTORS=$(expr 64 \* 1024 \* 1024 \/ 512)
779 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
782 ROOT_OFFSET=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}")
780
783
781 # The root partition is EXT4
784 # The root partition is EXT4
782 # This means more space than the actual used space of the chroot is used.
785 # This means more space than the actual used space of the chroot is used.
783 # As overhead for journaling and reserved blocks 35% are added.
786 # As overhead for journaling and reserved blocks 35% are added.
784 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
787 ROOT_SECTORS=$(expr "$(expr "${CHROOT_SIZE}" + "${CHROOT_SIZE}" \/ 100 \* 35)" \* 1024 \/ 512)
785
788
786 # Calculate required image size in 512 Byte sectors
789 # Calculate required image size in 512 Byte sectors
787 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
790 IMAGE_SECTORS=$(expr "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}")
788
791
789 # Prepare image file
792 # Prepare image file
790 if [ "$ENABLE_SPLITFS" = true ] ; then
793 if [ "$ENABLE_SPLITFS" = true ] ; then
791 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
794 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count="${TABLE_SECTORS}"
792 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
795 dd if=/dev/zero of="$IMAGE_NAME-frmw.img" bs=512 count=0 seek="${FRMW_SECTORS}"
793 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
796 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count="${TABLE_SECTORS}"
794 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
797 dd if=/dev/zero of="$IMAGE_NAME-root.img" bs=512 count=0 seek="${ROOT_SECTORS}"
795
798
796 # Write firmware/boot partition tables
799 # Write firmware/boot partition tables
797 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
800 sfdisk -q -L -uS -f "$IMAGE_NAME-frmw.img" 2> /dev/null <<EOM
798 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
801 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
799 EOM
802 EOM
800
803
801 # Write root partition table
804 # Write root partition table
802 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
805 sfdisk -q -L -uS -f "$IMAGE_NAME-root.img" 2> /dev/null <<EOM
803 ${TABLE_SECTORS},${ROOT_SECTORS},83
806 ${TABLE_SECTORS},${ROOT_SECTORS},83
804 EOM
807 EOM
805
808
806 # Setup temporary loop devices
809 # Setup temporary loop devices
807 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
810 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME"-frmw.img)"
808 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
811 ROOT_LOOP="$(losetup -o 1M -f --show "$IMAGE_NAME"-root.img)"
809 else # ENABLE_SPLITFS=false
812 else # ENABLE_SPLITFS=false
810 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
813 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count="${TABLE_SECTORS}"
811 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
814 dd if=/dev/zero of="$IMAGE_NAME.img" bs=512 count=0 seek="${IMAGE_SECTORS}"
812
815
813 # Write partition table
816 # Write partition table
814 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
817 sfdisk -q -L -uS -f "$IMAGE_NAME.img" 2> /dev/null <<EOM
815 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
818 ${TABLE_SECTORS},${FRMW_SECTORS},c,*
816 ${ROOT_OFFSET},${ROOT_SECTORS},83
819 ${ROOT_OFFSET},${ROOT_SECTORS},83
817 EOM
820 EOM
818
821
819 # Setup temporary loop devices
822 # Setup temporary loop devices
820 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
823 FRMW_LOOP="$(losetup -o 1M --sizelimit 64M -f --show "$IMAGE_NAME".img)"
821 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
824 ROOT_LOOP="$(losetup -o 65M -f --show "$IMAGE_NAME".img)"
822 fi
825 fi
823
826
824 if [ "$ENABLE_CRYPTFS" = true ] ; then
827 if [ "$ENABLE_CRYPTFS" = true ] ; then
825 # Create dummy ext4 fs
828 # Create dummy ext4 fs
826 #mkfs.ext4 "$ROOT_LOOP"
829 #mkfs.ext4 "$ROOT_LOOP"
827
830
828 # Setup password keyfile
831 # Setup password keyfile
829 touch .password
832 touch .password
830 chmod 600 .password
833 chmod 600 .password
831 echo -n ${CRYPTFS_PASSWORD} > .password
834 echo -n ${CRYPTFS_PASSWORD} > .password
832
835
833 # Initialize encrypted partition
836 # Initialize encrypted partition
834 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
837 echo "YES" | cryptsetup luksFormat "${ROOT_LOOP}" -c "${CRYPTFS_CIPHER}" -s "${CRYPTFS_XTSKEYSIZE}" .password
835
838
836 # Open encrypted partition and setup mapping
839 # Open encrypted partition and setup mapping
837 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
840 cryptsetup luksOpen "${ROOT_LOOP}" -d .password "${CRYPTFS_MAPPING}"
838
841
839 # Secure delete password keyfile
842 # Secure delete password keyfile
840 shred -zu .password
843 shred -zu .password
841
844
842 # Update temporary loop device
845 # Update temporary loop device
843 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
846 ROOT_LOOP="/dev/mapper/${CRYPTFS_MAPPING}"
844
847
845 # Wipe encrypted partition (encryption cipher is used for randomness)
848 # Wipe encrypted partition (encryption cipher is used for randomness)
846 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
849 dd if=/dev/zero of="${ROOT_LOOP}" bs=512 count="$(blockdev --getsz "${ROOT_LOOP}")"
847 fi
850 fi
848
851
849 # Build filesystems
852 # Build filesystems
850 mkfs.vfat "$FRMW_LOOP"
853 mkfs.vfat "$FRMW_LOOP"
851 mkfs.ext4 "$ROOT_LOOP"
854 mkfs.ext4 "$ROOT_LOOP"
852
855
853 # Mount the temporary loop devices
856 # Mount the temporary loop devices
854 mkdir -p "$BUILDDIR/mount"
857 mkdir -p "$BUILDDIR/mount"
855 mount "$ROOT_LOOP" "$BUILDDIR/mount"
858 mount "$ROOT_LOOP" "$BUILDDIR/mount"
856
859
857 mkdir -p "$BUILDDIR/mount/boot/firmware"
860 mkdir -p "$BUILDDIR/mount/boot/firmware"
858 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
861 mount "$FRMW_LOOP" "$BUILDDIR/mount/boot/firmware"
859
862
860 # Copy all files from the chroot to the loop device mount point directory
863 # Copy all files from the chroot to the loop device mount point directory
861 rsync -a "${R}/" "$BUILDDIR/mount/"
864 rsync -a "${R}/" "$BUILDDIR/mount/"
862
865
863 # Unmount all temporary loop devices and mount points
866 # Unmount all temporary loop devices and mount points
864 cleanup
867 cleanup
865
868
866 # Create block map file(s) of image(s)
869 # Create block map file(s) of image(s)
867 if [ "$ENABLE_SPLITFS" = true ] ; then
870 if [ "$ENABLE_SPLITFS" = true ] ; then
868 # Create block map files for "bmaptool"
871 # Create block map files for "bmaptool"
869 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
872 bmaptool create -o "$IMAGE_NAME-frmw.bmap" "$IMAGE_NAME-frmw.img"
870 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
873 bmaptool create -o "$IMAGE_NAME-root.bmap" "$IMAGE_NAME-root.img"
871
874
872 # Image was successfully created
875 # Image was successfully created
873 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
876 echo "$IMAGE_NAME-frmw.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
874 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
877 echo "$IMAGE_NAME-root.img ($(expr \( "${TABLE_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
875 else
878 else
876 # Create block map file for "bmaptool"
879 # Create block map file for "bmaptool"
877 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
880 bmaptool create -o "$IMAGE_NAME.bmap" "$IMAGE_NAME.img"
878
881
879 # Image was successfully created
882 # Image was successfully created
880 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
883 echo "$IMAGE_NAME.img ($(expr \( "${TABLE_SECTORS}" + "${FRMW_SECTORS}" + "${ROOT_SECTORS}" \) \* 512 \/ 1024 \/ 1024)M)" ": successfully created"
881
884
882 # Create qemu qcow2 image
885 # Create qemu qcow2 image
883 if [ "$ENABLE_QEMU" = true ] ; then
886 if [ "$ENABLE_QEMU" = true ] ; then
884 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
887 QEMU_IMAGE=${QEMU_IMAGE:=${BASEDIR}/qemu/${DATE}-${KERNEL_ARCH}-CURRENT-rpi${RPI_MODEL}-${RELEASE}-${RELEASE_ARCH}}
885 QEMU_SIZE=16G
888 QEMU_SIZE=16G
886
889
887 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
890 qemu-img convert -f raw -O qcow2 "$IMAGE_NAME".img "$QEMU_IMAGE".qcow2
888 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
891 qemu-img resize "$QEMU_IMAGE".qcow2 $QEMU_SIZE
889
892
890 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
893 echo "$QEMU_IMAGE.qcow2 ($QEMU_SIZE)" ": successfully created"
891 fi
894 fi
892 fi
895 fi
1 NO CONTENT: modified file
NO CONTENT: modified file
1 NO CONTENT: modified file
NO CONTENT: modified file
1 NO CONTENT: file was removed
NO CONTENT: file was removed
1 NO CONTENT: file was removed
NO CONTENT: file was removed
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant